Windows Analysis Report
mode11_N1Fz.exe

Overview

General Information

Sample name: mode11_N1Fz.exe
Analysis ID: 1583719
MD5: 5a2ad2d9d41aacfd8b0e51077ab36b9b
SHA1: 6afe484fc93369222f765e6f8006e437a417393d
SHA256: d49c2451497109ae9f2646d06aa6dcf51b0f6af825d07f516b8dd59c03602401
Tags: exe, malware, trojan, user-Joker

Detection

Detected family: CobaltStrike
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Performs DNS queries to domains with low reputation
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • mode11_N1Fz.exe (PID: 6564 cmdline: "C:\Users\user\Desktop\mode11_N1Fz.exe" MD5: 5A2AD2D9D41AACFD8B0E51077AB36B9B)
    • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"BeaconType": ["HTTPS"], "Port": 8443, "SleepTime": 12000, "MaxGetSize": 1403642, "Jitter": 60, "C2Server": "632313373.xyz,/js/jquery-3.3.1.min.js", "HttpPostUri": "/post", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 4016 bytes from the beginning", "Base64 decode"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJCQkJCQkJCQ", "Empty"], "ProcInject_PrependAppend_x64": ["kJCQkJCQkJCQ", "Empty"], "ProcInject_Execute": ["ntdll.dll:RtlUserThreadStart", "NtQueueApcThread-s", "SetThreadContext", "CreateRemoteThread", "kernel32.dll:LoadLibraryA", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "False", "HostHeader": "Host: 632313373.xyz\r\n"}
Source | Rule | Description | Author | Strings
00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
  • 0x34d3c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
  • 0x3096a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
  • 0x31c9b:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_2 | Yara detected CobaltStrike | Joe Security
00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_4 | Yara detected CobaltStrike | Joe Security
        Source | Rule | Description | Author | Strings
        0.2.mode11_N1Fz.exe.c000088000.1.raw.unpack | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
        • 0x34d3c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
        0.2.mode11_N1Fz.exe.c000088000.1.raw.unpack | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
        • 0x3096a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
        • 0x31c9b:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
        0.2.mode11_N1Fz.exe.c000088000.1.unpack | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
        • 0x3333c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
        0.2.mode11_N1Fz.exe.c000088000.1.unpack | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
        • 0x2fd6a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
        0.2.mode11_N1Fz.exe.c0000e0000.4.unpack | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
        • 0x4113c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
        No Sigma rule has matched
        No Suricata rule has matched

        AV Detection

        Source: 632313373.xyz, Avira URL Cloud: Label: malware
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: CobaltStrike
        Source: mode11_N1Fz.exe, Virustotal: Detection: 19%
        Source: mode11_N1Fz.exe, ReversingLabs: Detection: 13%
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
        Source: mode11_N1Fz.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

        Networking

        Source: Malware configuration extractor, URLs: 632313373.xyz
        Source: DNS query: 632313373.xyz
        Source: global traffic, TCP traffic: 192.168.2.6:49717 -> 188.114.96.3:8443
        Source: Joe Sandbox View, IP Address: 188.114.96.3
        Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F1E68C _snprintf,_snprintf,_snprintf,InternetQueryDataAvailable,InternetReadFile,InternetCloseHandle,0_2_000001F779F1E68C
        Source: global traffic, DNS traffic detected: DNS query: 632313373.xyz
        Source: mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3/c
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06
        Source: mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd065d
        Source: mode11_N1Fz.exe, 00000000.00000003.2621399596.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06P5
        Source: mode11_N1Fz.exe, 00000000.00000003.2621399596.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06ad
        Source: mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js7
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsINEER-PC
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsK
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsO
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsX
        Source: mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js_
        Source: mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsc
        Source: mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder
        Source: mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder;
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderc
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderk
        Source: mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdero
        Source: mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderw
        Source: mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsg
        Source: mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsgraphy
        Source: mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsk
        Source: mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnt:
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jso
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsows
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsq
        Source: mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jss
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsy
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/what?indextype=1&__cfduid=
        Source: mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467195329.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734ACB000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2570510123.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2399854749.000001F734B24000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483349830.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2535704719.000001F734B23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/what?indextype=1&__cfduid=tb052J35p8RaKSXMmpBHSiaAfIZcen7AuR6EL9CgDZHBgGfVzq7

        System Summary

        Source: 0.2.mode11_N1Fz.exe.c000088000.1.raw.unpack, type: UNPACKEDPE; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000088000.1.raw.unpack, type: UNPACKEDPE; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000088000.1.unpack, type: UNPACKEDPE; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000088000.1.unpack, type: UNPACKEDPE; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c0000e0000.4.unpack, type: UNPACKEDPE; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c0000e0000.4.unpack, type: UNPACKEDPE; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.unpack, type: UNPACKEDPE; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.unpack, type: UNPACKEDPE; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: detects Reflective DLL injection artifacts; Author: ditekSHen
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.unpack, type: UNPACKEDPE; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.unpack, type: UNPACKEDPE; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.raw.unpack, type: UNPACKEDPE; Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.raw.unpack, type: UNPACKEDPE; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.raw.unpack, type: UNPACKEDPE; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON; Author: unknown
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: detects Reflective DLL injection artifacts; Author: ditekSHen
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON; Author: unknown
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Trojan_Raw_Generic_4; Author: unknown
        Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON; Author: unknown
        Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Identifies CobaltStrike via unidentified function code; Author: unknown
        Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Rule for beacon reflective loader; Author: unknown
        Source: Process Memory Space: mode11_N1Fz.exe PID: 6564, type: MEMORYSTR; Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON; Author: unknown
        Source: 0.2.mode11_N1Fz.exe.c000088000.1.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 0.2.mode11_N1Fz.exe.c000088000.1.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 0.2.mode11_N1Fz.exe.c000088000.1.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 0.2.mode11_N1Fz.exe.c000088000.1.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 0.2.mode11_N1Fz.exe.c0000e0000.4.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 0.2.mode11_N1Fz.exe.c0000e0000.4.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_ee756db7; os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader; author = ditekSHen, description = detects Reflective DLL injection artifacts
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_ee756db7; os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 0.2.mode11_N1Fz.exe.c000106000.6.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_ee756db7; os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader; author = ditekSHen, description = detects Reflective DLL injection artifacts
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_ee756db7; os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_663fc95d; os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_CobaltStrike_f0b627fc; reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Trojan_Raw_Generic_4; date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
        Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: Process Memory Space: mode11_N1Fz.exe PID: 6564, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.winEXE@2/0@1/1
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03
        Source: mode11_N1Fz.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\mode11_N1Fz.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: mode11_N1Fz.exeVirustotal: Detection: 19%
        Source: mode11_N1Fz.exeReversingLabs: Detection: 13%
        Source: mode11_N1Fz.exeString found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoned" not supported for cpu option "MapIter.Value called before Nextuse of closed network connectioncrypto/aes: output not full blockCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPointWInitializeProcThreadAttributeListSetupDiGetDeviceRegistryPropertyWSetupDiSetDeviceRegistryPropertyW142108547152020037174224853515625710542735760100185871124267578125too many levels of symbolic linksslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangeGODEBUG: no value specified for "reflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangewaiting for unsupported file typecrypto/aes: invalid buffer overlapillegal base64 data at input byte 
CM_Get_Device_Interface_List_SizeWSetFileCompletionNotificationModes3552713678800500929355621337890625too many references: cannot spliceslice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notreflect: Field of non-struct type reflect: Field index out of boundsreflect: string index out of rangeunexpected runtime.netpoll error: encoding/hex: odd length hex stringSubscribeServiceChangeNotifications1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9network dropped connection on resettransport endpoint is not connectedpersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid
        Source: mode11_N1Fz.exe, String found in binary or memory: C:/Program Files/Go/src/net/addrselect.go
        Source: unknown, Process created: C:\Users\user\Desktop\mode11_N1Fz.exe "C:\Users\user\Desktop\mode11_N1Fz.exe"
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Section loaded: ncryptsslp.dll
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
        Source: mode11_N1Fz.exe, Static file information: File size 4033024 > 1048576
        Source: mode11_N1Fz.exe, Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2dc400
        Source: mode11_N1Fz.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: mode11_N1Fz.exe, Static PE information: section name: .xdata
        Source: mode11_N1Fz.exe, Static PE information: section name: .symtab
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779EE776C push 0000006Ah; retf 0_2_000001F779EE7784
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F403FC push ebp; iretd 0_2_000001F779F40401
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F1A35D push edi; iretd 0_2_000001F779F1A35E
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F1BD58 push ebp; iretd 0_2_000001F779F1BD59
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F20901 push ebx; iretd 0_2_000001F779F20902
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F3B898 push ebp; iretd 0_2_000001F779F3B899
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F3B86F push ebp; iretd 0_2_000001F779F3B870
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F3B84F push ebp; iretd 0_2_000001F779F3B850
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F1A71E push cs; retf 0_2_000001F779F1A71F
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F1C91C pushad ; retf 0_2_000001F779F1C91D
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Last function: Thread delayed
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734AE2000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734ACB000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AE2000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
        Source: mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A5C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Code function: 0_2_000001F779F25E28 GetUserNameA,strrchr,_snprintf,0_2_000001F779F25E28
        Source: C:\Users\user\Desktop\mode11_N1Fz.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Remote Access Functionality

        Source: Yara match, File source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.mode11_N1Fz.exe.1f779eb0000.8.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.mode11_N1Fz.exe.c000106000.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: mode11_N1Fz.exe PID: 6564, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Obfuscated Files or Information | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | 11 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
        Source | Detection | Scanner | Label | Link
        mode11_N1Fz.exe | 19% | Virustotal | | Browse
        mode11_N1Fz.exe | 13% | ReversingLabs | |
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        632313373.xyz | 188.114.96.3 | true | false | | high
        Name | Malicious | Antivirus Detection | Reputation
        632313373.xyz | true | Avira URL Cloud: malware | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
                • Avira URL Cloud: malware
                unknown
                https://632313373.xyz:8443/mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                unknown
                http://c.pki.goog/r/r4.crl0mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3108123500.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2535670629.000001F734B31000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997652358.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792654163.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143342736.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2399909682.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638369388.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2945200996.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B3D000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143276738.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B38000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621582441.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467259295.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 
00000000.00000003.2621513298.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2570543877.000001F734B2A000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792751377.000001F734B2B000.00000004.00000020.00020000.00000000.sdmpfalse
                  high
                  http://i.pki.goog/r4.crt0mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3108123500.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2535670629.000001F734B31000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997652358.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792654163.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143342736.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2399909682.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638369388.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2945200996.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B3D000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143276738.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B38000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621582441.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467259295.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 
00000000.00000003.2621513298.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2570543877.000001F734B2A000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792751377.000001F734B2B000.00000004.00000020.00020000.00000000.sdmpfalse
                    high
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jskmode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmpfalse
                      unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsgraphymode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsgmode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder;mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      http://c.pki.gomode11_N1Fz.exe, 00000000.00000003.2792732203.000001F734B35000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://632313373.xyz:8443/3mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06admode11_N1Fz.exe, 00000000.00000003.2621399596.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jssmode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsqmode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      https://632313373.xyz:8443/0mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734ACB000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsomode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpfalse
                        unknown
                        https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd065dmode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://632313373.xyz:8443/#mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://632313373.xyz:8443/js/jquery-3.3.1.min.js#mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        http://i.pki.goog/we1.crt0mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3108123500.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997781416.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2535670629.000001F734B31000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997652358.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792732203.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792654163.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143342736.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2399909682.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638369388.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2945200996.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B3D000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143276738.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 
00000000.00000003.2621513298.000001F734B38000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621582441.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467259295.000001F734B29000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          http://c.pki.goog/r/gsr1.crl0mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3108123500.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997781416.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2535670629.000001F734B31000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997652358.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792732203.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792654163.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2399909682.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638369388.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2945200996.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B3D000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143276738.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B38000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621582441.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 
00000000.00000003.2467259295.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2570543877.000001F734B2A000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            https://632313373.xyz:8443/js/jquery-3.3.1.min.js3/mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            unknown
                            https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnt:mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            unknown
                            https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderwmode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            unknown
                            https://632313373.xyz:8443/js/jquery-3.3.1.min.js7mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            unknown
                            http://c.pki.goog/we1/PCUeQViQlYc.crl0mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3108123500.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997781416.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2535670629.000001F734B31000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997652358.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792732203.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792654163.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143342736.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2399909682.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638369388.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2945200996.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B3D000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143276738.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 
00000000.00000003.2621513298.000001F734B38000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621582441.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467259295.000001F734B29000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderkmode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              http://i.pki.goog/gsr1.crt0-mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3108123500.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997781416.000001F734B37000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2535670629.000001F734B31000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997652358.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792732203.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2792654163.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2399909682.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638369388.000001F734B2B000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2945200996.000001F734B35000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734B3D000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3143276738.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734AEE000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B38000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621582441.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 
00000000.00000003.2467259295.000001F734B29000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B23000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2570543877.000001F734B2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://632313373.xyz/mode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734AAD000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734ACB000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderomode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdermode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsINEER-PCmode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06P5mode11_N1Fz.exe, 00000000.00000003.2621399596.000001F734AEE000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.js3/cmode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.js3mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2467278904.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2483283434.000001F734B17000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsowsmode11_N1Fz.exe, 00000000.00000002.3531068018.000001F734A8F000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.js/mode11_N1Fz.exe, 00000000.00000003.2638356184.000001F734B17000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2944993989.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.3072346567.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2997796113.000001F734B19000.00000004.00000020.00020000.00000000.sdmp, mode11_N1Fz.exe, 00000000.00000003.2621513298.000001F734B18000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs
                                IP | Domain | Country | ASN | ASN Name | Malicious
                                188.114.96.3 | 632313373.xyz | European Union | 13335 | CLOUDFLARENETUS | false
                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1583719
                                Start date and time:2025-01-03 13:04:12 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 5m 1s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:6
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:mode11_N1Fz.exe
                                Detection:MAL
                                Classification:mal100.troj.winEXE@2/0@1/1
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:Failed
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                • Excluded IPs from analysis (whitelisted): 20.109.210.53
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes were analyzed, report is missing behavior information
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                Time | Type | Description
                                07:05:25 | API Interceptor | 63x Sleep call for process: mode11_N1Fz.exe modified
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                632313373.xyzm.exeGet hashmaliciousCobaltStrikeBrowse
                                • 188.114.97.3
                                svchostinter.exeGet hashmaliciousCobaltStrikeBrowse
                                • 172.67.175.230
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                CLOUDFLARENETUShttp://t1.awagama2.orgGet hashmaliciousUnknownBrowse
                                • 188.114.96.3
                                m.exeGet hashmaliciousCobaltStrikeBrowse
                                • 188.114.97.3
                                http://www.escudier-sas.frGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                • 104.18.11.207
                                Gg6wivFINd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                • 188.114.96.3
                                Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                • 188.114.97.3
                                http://www.technoafriwave.rwGet hashmaliciousUnknownBrowse
                                • 1.1.1.1
                                dropper.exeGet hashmaliciousUnknownBrowse
                                • 1.1.1.1
                                ebjtOH70jl.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                • 188.114.97.3
                                W2k2NLSvja.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                • 188.114.97.3
                                FACT0987789000900.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                • 188.114.96.3
                                No context
                                No context
                                No created / dropped files found
File type: PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit): 6.645697811149242
TrID:
• Win64 Executable Console (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: mode11_N1Fz.exe
File size: 4'033'024 bytes
MD5: 5a2ad2d9d41aacfd8b0e51077ab36b9b
SHA1: 6afe484fc93369222f765e6f8006e437a417393d
SHA256: d49c2451497109ae9f2646d06aa6dcf51b0f6af825d07f516b8dd59c03602401
SHA512: 760dd4699cefcf2916f2b28292a23ff23643e2571c8a2e974125a842d3dc781452701d3762befd5b2f039a375ee7409b2016e258d1d4867f5e9ab8d10163c9a6
SSDEEP: 49152:tgD5mHuE0r0VOjjC4mkZMyITWt1U4yP21Qsq8VT/0+2Ow2:tpGa
TLSH: 1A16BF0BBCE119B9C0A993328AB652567B71BC090F3263D73A50B37C2F76BD49936744
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........;......."..........n................@..............................`B...........`... ............................
Icon Hash: 00928e8e8686b000
Entrypoint: 0x46ec80
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 1
File Version Major: 6
File Version Minor: 1
Subsystem Version Major: 6
Subsystem Version Minor: 1
Import Hash: d42595b695fc008ef2c56aabd8efd68e
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x401000 | 0x53e | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3fa000 | 0x5370 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x402000 | 0x499c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x39a1a0 | 0x178 | .data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xbbbfc | 0xbbc00 | 259f9be87cc369b51e3690ecee691075 | False | 0.47511130992010653 | data | 6.267039806214186 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xbd000 | 0x2dc3c0 | 0x2dc400 | e426b568121764e8b535d618f091f0a1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x39a000 | 0x5fe40 | 0x16e00 | 8c4e4f11f08e7fa32a2461d8e5b73897 | False | 0.2855297984972678 | data | 3.2077810161720848 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x3fa000 | 0x5370 | 0x5400 | 6b7df8b45d2250e08eb91fb84ea19749 | False | 0.4015531994047619 | data | 4.9405195822402 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x400000 | 0xb4 | 0x200 | d5a432b15ea1de5871ba1b040f244088 | False | 0.228515625 | shared library | 1.787112262798912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata | 0x401000 | 0x53e | 0x600 | 1eed92b78c29d6c28ea4846d7c7f7421 | False | 0.3776041666666667 | OpenPGP Public Key | 4.017189066074398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x402000 | 0x499c | 0x4a00 | 07327396c5ce6db70861b1b3714f3a06 | False | 0.30938555743243246 | data | 5.393634428702928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab | 0x407000 | 0x1ee90 | 0x1f000 | 70c30b7d79d0b6e5d94720c5d893a1df | False | 0.2522681451612903 | data | 5.088176736804498 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
kernel32.dll | WriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, RtlVirtualUnwind, RtlLookupFunctionEntry, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler, AddVectoredContinueHandler
                                Jan 3, 2025 13:05:45.538397074 CET497308443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:45.539060116 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:45.543530941 CET844349730188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:45.543847084 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:45.546622038 CET497308443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:45.546643972 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:45.546977997 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:45.551747084 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:45.996598005 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:45.996822119 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:45.997369051 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:45.998272896 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:46.002433062 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:46.003038883 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.071996927 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.072010040 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.072026968 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.072040081 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.072051048 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.072065115 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.072066069 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.072073936 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.072105885 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.179003954 CET497318443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.179696083 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.184082985 CET844349731188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.184143066 CET497318443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.184505939 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.184576035 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.184990883 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.189771891 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.646096945 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.646212101 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.646658897 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.647735119 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:47.651412010 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:47.652466059 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770565987 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770622015 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770632029 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770643950 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770657063 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770668030 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770678997 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.770694017 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:48.770735979 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:48.901390076 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:48.906431913 CET844349732188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.906490088 CET497328443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:48.911667109 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:48.916409016 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:48.916513920 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:48.916807890 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:48.921555996 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:49.384639025 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:49.384713888 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:49.447208881 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:49.451967001 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:49.490125895 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:49.494875908 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544395924 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544429064 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544456005 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544476986 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544487953 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544493914 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.544498920 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544512987 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.544522047 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.544572115 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.647682905 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.648324013 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.652718067 CET844349733188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.652811050 CET497338443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.653101921 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:50.653186083 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.653635979 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:50.658416033 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:51.101268053 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:51.101360083 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:51.101783991 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:51.102788925 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:51.106494904 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:51.107615948 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.276736975 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.276758909 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.276771069 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.276782990 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.276794910 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.276804924 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.276829004 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.276881933 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.382157087 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.387092113 CET844349734188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.387149096 CET497348443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.390760899 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.395603895 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.395675898 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.396176100 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.400919914 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.865788937 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.866039991 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.866520882 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.867503881 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:52.871252060 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:52.872277975 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.011389017 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.011405945 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.011419058 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.011434078 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.011437893 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.011449099 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.011462927 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.011497974 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.011559963 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.116493940 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.116975069 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.121598005 CET844349735188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.121684074 CET497358443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.121793032 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.121862888 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.122334957 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.127099037 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.577954054 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.578021049 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.578519106 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.579526901 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:54.583292961 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:54.584316969 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664237976 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664263964 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664278984 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664290905 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664308071 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664305925 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.664321899 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664330006 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.664345980 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.664381027 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.786844969 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.787309885 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.792133093 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.792248011 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.792282104 CET844349736188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:55.792345047 CET497368443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.792556047 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:55.797323942 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:56.267334938 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:56.267476082 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:56.268006086 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:56.269068956 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:56.272758007 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:56.273824930 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365695000 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365730047 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365740061 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365751982 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365765095 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365777016 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365788937 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.365842104 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.365871906 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.474208117 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.479213953 CET844349737188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.479269981 CET497378443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.498169899 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.503046036 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.503132105 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.503379107 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.508207083 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.957045078 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.957216978 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.957685947 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.958973885 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:57.962517977 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:57.963715076 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.056441069 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.056489944 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.056510925 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.056528091 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.056548119 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.056559086 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.056577921 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.056595087 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.056607008 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.056642056 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.058758974 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.161823988 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.166860104 CET844349738188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.166965008 CET497388443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.175980091 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.182351112 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.182444096 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.182686090 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.189508915 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.631088018 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.631171942 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.631690025 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.632690907 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:05:59.636547089 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:05:59.637518883 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.736103058 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.736128092 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.736141920 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.736152887 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.736164093 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.736175060 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.736176014 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.736186028 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.736196995 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.736202955 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.736219883 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.736238003 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.849147081 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.849663973 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.854453087 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.854533911 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.854720116 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:00.859476089 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.866770983 CET844349739188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:00.866835117 CET497398443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:01.349277020 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:01.349329948 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:01.349764109 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:01.350908041 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:01.354504108 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:01.355734110 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.494030952 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.494050980 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.494071007 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.494085073 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.494085073 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.494102955 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.494108915 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.494122028 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.494162083 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.494174004 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.599772930 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.600298882 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.604815006 CET844349740188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.604948997 CET497408443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.605148077 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:02.605227947 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.619522095 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:02.624495983 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:03.070494890 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:03.070566893 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:03.070960999 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:03.071930885 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:03.075769901 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:03.076796055 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245392084 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245444059 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245454073 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245480061 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245496035 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245515108 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245527983 CET844349742188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.245553970 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.245615005 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.245615005 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.245615005 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.245615005 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.246392965 CET497428443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.349287987 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.349808931 CET497438443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.355498075 CET844349741188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.355520964 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.355566978 CET497418443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.355607033 CET497438443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.355806112 CET497438443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.360835075 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.817154884 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.817254066 CET497438443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.817699909 CET497438443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.818741083 CET497438443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:04.822506905 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:04.823582888 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:05.898806095 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:05.898835897 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:05.898854017 CET497438443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:05.898859978 CET844349743188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:37.683501005 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.762608051 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.762686014 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.762700081 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.762720108 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.762723923 CET497608443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.762736082 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.762749910 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.762765884 CET497608443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.762785912 CET497608443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.866905928 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.867125034 CET497608443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.974435091 CET497598443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.974950075 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.979491949 CET844349759188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.979563951 CET497598443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.979799032 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:38.979861021 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.980037928 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:38.984874010 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:39.578924894 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:39.579015017 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:39.579543114 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:39.580594063 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:39.584306002 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:39.585395098 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.669503927 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.669564962 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.669576883 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.669589996 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.669600010 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.669610977 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.669639111 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:40.669683933 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:40.786870956 CET497608443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:40.787364006 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:40.791846991 CET844349760188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.791913033 CET497608443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:40.792160988 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:40.792217016 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:40.792414904 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:40.797131062 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:41.239450932 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:41.239578009 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:41.240453005 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:41.243587971 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:41.245242119 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:41.248418093 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.347918034 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.347934008 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.347945929 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.347956896 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.347968102 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.347979069 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.348030090 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:42.348093033 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:42.693078041 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:42.693553925 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:42.698179960 CET844349761188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.698231936 CET497618443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:42.698323011 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:42.698395014 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:42.698576927 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:42.703353882 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:43.199445009 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:43.199515104 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:43.200165987 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:43.201109886 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:43.204894066 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:43.205862045 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.332083941 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.332108974 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.332119942 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.332130909 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.332144022 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.332155943 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.332195997 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.332236052 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.443114042 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.443830967 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.448086977 CET844349763188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.448143959 CET497638443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.448657036 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.448721886 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.449086905 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.453850985 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.904480934 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.904591084 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.919601917 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.920633078 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:44.924375057 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:44.925482988 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.041160107 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.041187048 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.041198969 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.041209936 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.041215897 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.041220903 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.041233063 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.041246891 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.041294098 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.146570921 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.151607990 CET844349764188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.151664972 CET497648443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.159161091 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.163969040 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.164031029 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.164488077 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.169298887 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.619241953 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.619329929 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.626810074 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.628474951 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:46.631591082 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:46.633213043 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774427891 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774458885 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774470091 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774482012 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774496078 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774508953 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774539948 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:47.774580002 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:47.774593115 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:47.776587009 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.007482052 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.008358002 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.012525082 CET844349765188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:48.012581110 CET497658443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.013142109 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:48.013206005 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.013448954 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.018181086 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:48.455804110 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:48.455991983 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.456628084 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.457675934 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:48.461430073 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:48.462426901 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556857109 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556890011 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556900978 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556911945 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556931019 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556941032 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556952953 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.556993008 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:49.557033062 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:49.661902905 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:49.666924000 CET844349766188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.667032957 CET497668443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:49.670631886 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:49.675479889 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:49.676625013 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:49.676840067 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:49.681616068 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:50.144573927 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:50.144649029 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:50.145051956 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:50.146018028 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:50.149856091 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:50.150846958 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.315736055 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.315753937 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.315766096 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.315777063 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.315788984 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.315802097 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.315926075 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.427613020 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.428092003 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.432652950 CET844349767188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.432750940 CET497678443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.432921886 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.432996988 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.433336020 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.438193083 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.911295891 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.911609888 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.912034035 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.913053989 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:51.916788101 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:51.917912006 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.017030001 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.017059088 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.017071009 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.017083883 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.017087936 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.017096043 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.017108917 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.017115116 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.017115116 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.017139912 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.017159939 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.153767109 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.157919884 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.158833981 CET844349768188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.158895016 CET497688443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.162736893 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.162810087 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.171298981 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.178410053 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.629219055 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.629326105 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.629895926 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.631141901 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:53.634641886 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:53.635987043 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724767923 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724791050 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724802017 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724822044 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724834919 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724845886 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724858046 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.724874973 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:54.724926949 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:54.833731890 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:54.834294081 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:54.839590073 CET844349769188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.839606047 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:54.839674950 CET497698443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:54.839720964 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:54.840110064 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:54.844857931 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:55.288178921 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:55.288264990 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:55.288675070 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:55.289874077 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:55.293504953 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:55.294711113 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341547966 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341558933 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341569901 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341582060 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341593027 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341604948 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341614008 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.341649055 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.341701031 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.453104019 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.453587055 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.458102942 CET844349770188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.458180904 CET497708443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.458405018 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.458482027 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.458766937 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.463576078 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.904289007 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.904378891 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.904805899 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.905720949 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:56.909627914 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:56.910515070 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:57.981527090 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:57.981542110 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:57.981553078 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:57.981563091 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:57.981575966 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:57.981587887 CET844349772188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:57.981645107 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:57.981687069 CET497728443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.093842983 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.094311953 CET497738443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.099172115 CET844349771188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:58.099189043 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:58.099234104 CET497718443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.099267960 CET497738443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.099463940 CET497738443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.104253054 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:58.565736055 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:58.565924883 CET497738443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.566359997 CET497738443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.567390919 CET497738443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:06:58.571165085 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:58.572144985 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:59.660362959 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:59.660388947 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:59.660399914 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:59.660444021 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:59.660454988 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:06:59.660465956 CET844349773188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.791434050 CET844349789188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.791445971 CET844349789188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.791456938 CET844349789188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.791467905 CET844349789188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.791469097 CET497898443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.791480064 CET844349789188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.791501999 CET497898443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.791512012 CET497898443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.906814098 CET497888443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.907285929 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.911897898 CET844349788188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.911947966 CET497888443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.912031889 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:26.912090063 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.912343025 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:26.917145967 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:27.359674931 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:27.359724045 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:27.363787889 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:27.364780903 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:27.368576050 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:27.369560957 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:28.436065912 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:28.436100960 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:28.436113119 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:28.436124086 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:28.436136007 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:28.436147928 CET844349790188.114.96.3192.168.2.6
                                Jan 3, 2025 13:07:28.436151028 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:28.436177969 CET497908443192.168.2.6188.114.96.3
                                Jan 3, 2025 13:07:28.436207056 CET497908443192.168.2.6188.114.96.3
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Jan 3, 2025 13:05:24.617070913 CET | 62228 | 53 | 192.168.2.6 | 1.1.1.1
                                Jan 3, 2025 13:05:24.631814003 CET | 53 | 62228 | 1.1.1.1 | 192.168.2.6

                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Jan 3, 2025 13:05:24.617070913 CET | 192.168.2.6 | 1.1.1.1 | 0x8079 | Standard query (0) | 632313373.xyz | A (IP address) | IN (0x0001) | false

                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Jan 3, 2025 13:05:24.631814003 CET | 1.1.1.1 | 192.168.2.6 | 0x8079 | No error (0) | 632313373.xyz |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                Jan 3, 2025 13:05:24.631814003 CET | 1.1.1.1 | 192.168.2.6 | 0x8079 | No error (0) | 632313373.xyz |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false


                                Target ID:0
                                Start time:07:05:22
                                Start date:03/01/2025
                                Path:C:\Users\user\Desktop\mode11_N1Fz.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\Desktop\mode11_N1Fz.exe"
                                Imagebase:0xf60000
                                File size:4'033'024 bytes
                                MD5 hash:5A2AD2D9D41AACFD8B0E51077AB36B9B
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3529152410.000000C000088000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3530321544.000000C000106000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                Reputation:low
                                Has exited:false

                                Target ID:1
                                Start time:07:05:22
                                Start date:03/01/2025
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff66e660000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true


                                  Execution Graph

                                  Execution Coverage:2.1%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:4.3%
                                  Total number of Nodes:207
                                  Total number of Limit Nodes:26

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _snprintf$strchr$AvailableDataInternetQuery_errno_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 2459009813-0
                                  • Opcode ID: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                                  • Instruction ID: bd6c546e5bea7246cc1ef69336f629544378dc15c85c1d06ec1e228b8c3fe1ee
                                  • Opcode Fuzzy Hash: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                                  • Instruction Fuzzy Hash: AD81713162CA898FEB59FB18D8897FAB3E5FB94711F10063AA44BC31D1DE64D9028781

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: NameUser_snprintfmallocstrrchr
                                  • String ID:
                                  • API String ID: 1238167203-0
                                  • Opcode ID: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
                                  • Instruction ID: 1b604093e8d024554e062ea0816e5b10d122d015e1d61c30bb5ad0c4a45df470
                                  • Opcode Fuzzy Hash: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
                                  • Instruction Fuzzy Hash: FD51513072CA894FEB58BB68945A7FD72E2E789710F14462DF48FC32D7D924D8428786

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: malloc$_snprintf$_errno$_callnewhfreerealloc
                                  • String ID:
                                  • API String ID: 74200508-0
                                  • Opcode ID: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
                                  • Instruction ID: b3f7c41f8cdc9349490469a5845fcdc17e4e84c98dc2b8b1eec67bb4626f6316
                                  • Opcode Fuzzy Hash: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
                                  • Instruction Fuzzy Hash: 3BD1533072EA864BFB58BB64889A7FD72F1EB89311F54463DA447C32D3DE24D9058782

                                  Control-flow Graph

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: IoctlSocketclosesocket
                                  • String ID: _Cy
                                  • API String ID: 3445158922-1085951347
                                  • Opcode ID: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                                  • Instruction ID: b32be18442c191855cfc5fa017410e36fdab72f10049bb1932177f1dcf1e95e4
                                  • Opcode Fuzzy Hash: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                                  • Instruction Fuzzy Hash: 6831B63061DA898BDB54EF2898897B6B7E1FBA8315F114B3EE54BC32E1DB34C5418781

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Internet$ConnectOpen
                                  • String ID:
                                  • API String ID: 2790792615-0
                                  • Opcode ID: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
                                  • Instruction ID: 596aa570dbf7703db2106aaa32d6811341dadcd434ee7d36d0b3769ee1446a37
                                  • Opcode Fuzzy Hash: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
                                  • Instruction Fuzzy Hash: 8051B43022DB458FEB59EF28D8997B973E1FB89305F15053DE487C32D2DA3899068782

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 74d038c8b1c51bf1d7765a817c366e135375bbd51fab872694d5e2c19deb3bea
                                  • Instruction ID: 7112bcbb9b7ae802aa179350718c6b9a2d2e48265c1461e45efb807434f9bfcb
                                  • Opcode Fuzzy Hash: 74d038c8b1c51bf1d7765a817c366e135375bbd51fab872694d5e2c19deb3bea
                                  • Instruction Fuzzy Hash: EE718736219B8486CAA0CB0AE49036AB7B0F7C9B94F544125EFCE87B68DF7DD555CB00

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 344 1f779ec9324-1f779ec9358 345 1f779ec944d-1f779ec9453 344->345 346 1f779ec935e-1f779ec9374 344->346 347 1f779ec9455-1f779ec9474 VirtualAlloc 345->347 348 1f779ec9479-1f779ec9482 345->348 346->345 350 1f779ec937a-1f779ec93c2 346->350 347->348 352 1f779ec93ce-1f779ec93d4 350->352 353 1f779ec93d6-1f779ec93de 352->353 354 1f779ec9402-1f779ec9408 352->354 353->354 355 1f779ec93e0-1f779ec93e6 353->355 354->345 356 1f779ec940a-1f779ec9445 354->356 355->354 357 1f779ec93e8-1f779ec9400 355->357 356->345 357->352
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                                  • Instruction ID: e4ce2ad299d35c57717926a238a31e161740c3afb122e9f2db595e5833c7dbd2
                                  • Opcode Fuzzy Hash: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                                  • Instruction Fuzzy Hash: D741BA72629B8487DB50DB19E48471AB7B1F3C9B94F101225FADE83BA8DB3CD4518F00

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 455 fcf220-fcf2d2 call fcf360 call fcd500 call fcb5c0 461 fcf2d7-fcf354 455->461
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3527825363.0000000000F61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f60000_mode11_N1Fz.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a2a83c295b55d1fb3924cfc6086ff6026e810ee76d85704118357723c5304dc2
                                  • Instruction ID: f4eea7c2b13f26ce1771c98ace0b9625a52617a82984f091687ba75f291571fd
                                  • Opcode Fuzzy Hash: a2a83c295b55d1fb3924cfc6086ff6026e810ee76d85704118357723c5304dc2
                                  • Instruction Fuzzy Hash: B1319A6791CFC482D3218B24F5417AAB364F7A9784F15A715EFC812A1ADF38E2E5CB40

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 472 fcb5c0-fcb5c5 call fd21e0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3527825363.0000000000F61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f60000_mode11_N1Fz.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f426410239744f5ba57e2b78151ac65bfe157d6a2c0a85e8369f5e0dce230c44
                                  • Instruction ID: febb82414c9601695d1a52c687048c8d197aa63e8f98309b89b80f404ee0bd40
                                  • Opcode Fuzzy Hash: f426410239744f5ba57e2b78151ac65bfe157d6a2c0a85e8369f5e0dce230c44
                                  • Instruction Fuzzy Hash:
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                  • String ID: $@
                                  • API String ID: 3318157856-1077428164
                                  • Opcode ID: 0917c7b026fa98026fd61c82a9db6b94b013ed73c29c4ccbf17a38093d3ada48
                                  • Instruction ID: 6cecf7e5c9f73f14cd5d113ef042998445bca2933cf742739160d5022f13dbee
                                  • Opcode Fuzzy Hash: 0917c7b026fa98026fd61c82a9db6b94b013ed73c29c4ccbf17a38093d3ada48
                                  • Instruction Fuzzy Hash: 4852EC3362E68686FB65AA1495C83FE7BB0B745784F1C0225DA47077E8DBF9C960CB00
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                  • String ID: $@
                                  • API String ID: 3613058218-1077428164
                                  • Opcode ID: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
                                  • Instruction ID: bbb2eb0de96be965e18de4d26d2f05c28a8fa2a63bf9fbfc27e0a3f5c2af1c03
                                  • Opcode Fuzzy Hash: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
                                  • Instruction Fuzzy Hash: 4C62D53192EAC78AFB69EA18C4493F9B7F1FB95310FA4433DD497C31D1D6AC98428641
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                  • String ID:
                                  • API String ID: 3613058218-3916222277
                                  • Opcode ID: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
                                  • Instruction ID: 04a2857a540813b0f85fa7d7e786c862a4a456825d971a43c3f365421d5324fe
                                  • Opcode Fuzzy Hash: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
                                  • Instruction Fuzzy Hash: 8162B73093EAC78AFB68AA589C593F977F1FB95310F24433DD987C31D2DA2899428641
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$Locale_invalid_parameter_noinfo$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexitwrite_multi_charwrite_string
                                  • String ID: -$0
                                  • API String ID: 3246410048-417717675
                                  • Opcode ID: 9d83564e1f44511746efc6243833ea10ca1e0c0cc6e5e094e442fc0115aecad6
                                  • Instruction ID: 6020adfd7b34f5bb428ceb10f094fc62407960186b94c533b03e7f7fd25dba5e
                                  • Opcode Fuzzy Hash: 9d83564e1f44511746efc6243833ea10ca1e0c0cc6e5e094e442fc0115aecad6
                                  • Instruction Fuzzy Hash: 5A42F07362E68686FB69EB2595C83FE7BB0B745780F1C4225DA47067D4D7B9C860CB00
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __doserrno_errno_invalid_parameter_noinfo
                                  • String ID: U
                                  • API String ID: 3902385426-4171548499
                                  • Opcode ID: 1e306023ed328bab19b7a5d60cdebdd92491a2c212ad1309fcb9b443deab4914
                                  • Instruction ID: 662424e9295b87b15bf22d4a8d7e0d8bd0a13284bdb623f68ce4962f4f1a968e
                                  • Opcode Fuzzy Hash: 1e306023ed328bab19b7a5d60cdebdd92491a2c212ad1309fcb9b443deab4914
                                  • Instruction Fuzzy Hash: 6612F43322A64286EB20AF24D4C83FEB7B1F785754F580226EA4B476D8DFB9C555CB10
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 3442832105-0
                                  • Opcode ID: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                  • Instruction ID: dbe3a77beab3e4a1db0730ae5a8e82d59f3c9d7f5753fe02a73a2a6c4cb9fa17
                                  • Opcode Fuzzy Hash: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                  • Instruction Fuzzy Hash: A452A13052DD8A9BE759AB2CD4467F9F3F0FF68305F445228D986C71A2EB34E5828781
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 3442832105-0
                                  • Opcode ID: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                  • Instruction ID: bef1442e98e39d787231f8adda2a512aa0bb8d7ee763728319e25eb16681cf83
                                  • Opcode Fuzzy Hash: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                  • Instruction Fuzzy Hash: 5C42D772229F8691EB159B28D0452F9B3B0FF95755F005221EFCA17BA1EF79D2A2C300
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $<$ailure #%d - %s$e '
                                  • API String ID: 0-963976815
                                  • Opcode ID: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                                  • Instruction ID: 43c966dfa065a3b56461171f807af760b442c0ae465cde826ecfb9c883404899
                                  • Opcode Fuzzy Hash: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                                  • Instruction Fuzzy Hash: 8D92E0B2329A8187DB58CB1DE4A573AB7A1F3C8B80F44513AE79B87794CA7CC551CB04
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: ailure #%d - %s$e '
                                  • API String ID: 0-4163927988
                                  • Opcode ID: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                                  • Instruction ID: d40c7b74c63bb1ac85cf2599782e6d0fae8286ec8f71b609a46af97e91f439bc
                                  • Opcode Fuzzy Hash: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                                  • Instruction Fuzzy Hash: 49612CB6219A518BD714CB09E4D467AB7E1F3CC784F88431AE38B877A8CA3CD545CB40
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _initp_misc_winsig
                                  • String ID:
                                  • API String ID: 2710132595-0
                                  • Opcode ID: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
                                  • Instruction ID: 7ac71a196e18bc864584f9c0099b6f03ade94a8aafae2d193121d659b8a1922c
                                  • Opcode Fuzzy Hash: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
                                  • Instruction Fuzzy Hash: 95A1DC71619A498FEF54FFB5EC98AAA37B2F768301721893A900AC3174DABCD545CB40
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                  • Instruction ID: ffab3345ad5abd5acb7c5523dfdba7f64f9ad747a283b9d541998824c186a9ed
                                  • Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                  • Instruction Fuzzy Hash: 5B620A312286558FD31CCB1CC5B1B7AB7E1FB89340F44896DE287CB692C639DA45CB91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                  • Instruction ID: 6c8856c7deff6a834fdedcb2cf73049d1a6c32f59dbde30fe58ccd2fb3839fc3
                                  • Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                  • Instruction Fuzzy Hash: 3852EE312286558FD31CCF1CC5A1E7AB7E1FB8D340F448A6DE28ACB692C639E545CB91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                  • Instruction ID: 048ee9d4ec294fba91daa0eaca1014676e4fed6d095dc164d0ecdcb39089165d
                                  • Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                  • Instruction Fuzzy Hash: 185261B221898587D708CB1DE4A177AB7E1F3C9B80F44862AE7878B799CE7DD554CB00
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                  • Instruction ID: 3c8610bcb867ddba0076629f2e172e480febd2fa066084aad7371c98f43d1119
                                  • Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                  • Instruction Fuzzy Hash: C45252B221898187D708CB1DE4A577AB7F1F3C9B80F44862AE7878B799CA7DD544CB40
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free
                                  • String ID:
                                  • API String ID: 1294909896-0
                                  • Opcode ID: 037a88b3a0e0121372c1e8929510804f124a0a98294513f128062ea9428e9fbd
                                  • Instruction ID: 116b2057563cc66cecb28c6aa1409269760515211270401f5c59b1c890770cce
                                  • Opcode Fuzzy Hash: 037a88b3a0e0121372c1e8929510804f124a0a98294513f128062ea9428e9fbd
                                  • Instruction Fuzzy Hash: 3DF1743332DA4382EB20AA1594D4BFE73B1F796798F500335DA4A877C9EAB4C905CB40
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f74bee57ece39a3ee739721ddd6b8b7c874878cbec99e002ba7fd2a6b2694298
                                  • Instruction ID: 600b3a79de5a47ce6c928c47bfe47d286b0fbd34cb54e568fb5e2cc79050bcf3
                                  • Opcode Fuzzy Hash: f74bee57ece39a3ee739721ddd6b8b7c874878cbec99e002ba7fd2a6b2694298
                                  • Instruction Fuzzy Hash: 3DE17EB362974283EB64AB25E8857FA73B1F745754F444235DB8B966C2EABCE481C300
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free
                                  • String ID:
                                  • API String ID: 1294909896-0
                                  • Opcode ID: a24fb40c631e4fb8bf858a82f26ba5d2e30cdac9459d39304e37b5ee64eada3e
                                  • Instruction ID: 783559b0adcd7ac14d158dbd968d6d9d3c3a6dbfac72eb68b3ae963da9af9536
                                  • Opcode Fuzzy Hash: a24fb40c631e4fb8bf858a82f26ba5d2e30cdac9459d39304e37b5ee64eada3e
                                  • Instruction Fuzzy Hash: 36E1B33372AA4391EB10AA14D4C4AFE77B1F79678CF810331DA4B97AD9EAB4C905C740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 388111225-0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: write_multi_char$write_string$free
                                  • String ID:
                                  • API String ID: 2630409672-3916222277
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
                                  • String ID:
                                  • API String ID: 2644381645-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
                                  • String ID:
                                  • API String ID: 1078912150-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 388111225-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 1812809483-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
                                  • String ID:
                                  • API String ID: 2464146582-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
                                  • String ID:
                                  • API String ID: 2140805544-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
                                  • String ID:
                                  • API String ID: 310312816-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
                                  • String ID:
                                  • API String ID: 4140391395-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: free$FreeHeap_errno
                                  • String ID:
                                  • API String ID: 2737118440-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: free$_errno
                                  • String ID:
                                  • API String ID: 2288870239-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 1812809483-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
                                  • String ID:
                                  • API String ID: 2611593033-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
                                  • String ID:
                                  • API String ID: 4060740672-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: free$malloc$_errno$_callnewh
                                  • String ID:
                                  • API String ID: 4160633307-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: free$malloc$_errno$_callnewh
                                  • String ID:
                                  • API String ID: 4160633307-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 2917016420-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
                                  • String ID:
                                  • API String ID: 4120058822-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 2917016420-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 3191669884-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                  • String ID:
                                  • API String ID: 2328795619-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                  • String ID:
                                  • API String ID: 2328795619-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: __updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 2808835054-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                  • String ID:
                                  • API String ID: 1547050394-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                  • String ID:
                                  • API String ID: 1547050394-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit
                                  • String ID:
                                  • API String ID: 2102446242-0
                                  • Opcode ID: acc1e709539f3a0e8ebe9ec8259c6fe6fa9b3b7ac075e700e957115c0bfbe106
                                  • Instruction ID: 80a3cfd89a933673fa9a69965ac0dd0c8032d2a83e29a4e528e6d1e56e091536
                                  • Opcode Fuzzy Hash: acc1e709539f3a0e8ebe9ec8259c6fe6fa9b3b7ac075e700e957115c0bfbe106
                                  • Instruction Fuzzy Hash: C6218E3332B68345F715BF659CC93FD76749781760F0E43389A17072D2DAE888A18318
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                                  • String ID: dpoolWait
                                  • API String ID: 2026495703-1875951006
                                  • Opcode ID: 8070209c1cbe6b8a0a820429e4883b75791e823d018c18b7f063917c64386bf6
                                  • Instruction ID: 1c8b2f55de450e38b2253b2039bd759f967cefca681c551ba7963c4be563b77d
                                  • Opcode Fuzzy Hash: 8070209c1cbe6b8a0a820429e4883b75791e823d018c18b7f063917c64386bf6
                                  • Instruction Fuzzy Hash: F7010C7272579141EA14EB12B4487A977A9F399FD0F05432DEF9A437C5CE78C8018780
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: freemallocstrchr$FreeHeap_errnorand
                                  • String ID:
                                  • API String ID: 3504763109-0
                                  • Opcode ID: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
                                  • Instruction ID: 1896979acaac44b27db7e5f1a7a54376faf80a01b397810bf5e6b71c56090331
                                  • Opcode Fuzzy Hash: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
                                  • Instruction Fuzzy Hash: B481C77063DEDA4BEB56BB2C98063F9B3E0FF99705F040279D58AC71D2DA2489468741
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: freemallocstrchr$rand
                                  • String ID:
                                  • API String ID: 1305919620-0
                                  • Opcode ID: f55c98597b31e9256bdda085e271814e8bdd530284bc77f6856305a025606a71
                                  • Instruction ID: b16d9403b4a6f432c09cce6db21c50e1d1cbd23e44f16126dd79803544574a9e
                                  • Opcode Fuzzy Hash: f55c98597b31e9256bdda085e271814e8bdd530284bc77f6856305a025606a71
                                  • Instruction Fuzzy Hash: 1971077362EBC541FA25AB29A0593FA77B0EF96B84F085334DBC6177D2DE68C5428700
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free$_errno$_callnewhmalloc
                                  • String ID:
                                  • API String ID: 2761444284-0
                                  • Opcode ID: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
                                  • Instruction ID: b75d579ca4a6924b63a5638e8b6035e6dc5321dd79a2b33d1ed8e112de88a4fd
                                  • Opcode Fuzzy Hash: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
                                  • Instruction Fuzzy Hash: 3351943462DE8B8BE759BB2894597F973E0FB89304F50067DD84BC32C7EA60D84286C5
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free$_errno$_callnewhmalloc
                                  • String ID:
                                  • API String ID: 2761444284-0
                                  • Opcode ID: 3866d312ddc7406d2c13ac3d10959d9d3de063b9a6b1dce899036bf231b32379
                                  • Instruction ID: e64d9e361b792541efefc60db8dee3a2cb4ea113255afac8840f57e5f4e1ffa0
                                  • Opcode Fuzzy Hash: 3866d312ddc7406d2c13ac3d10959d9d3de063b9a6b1dce899036bf231b32379
                                  • Instruction Fuzzy Hash: 7141E13332A79297EA58EB22959A7B93770B70AB80F440735DE4747B85EFB4D816C300
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: strtok$_getptd_time64malloc
                                  • String ID: eThreadpoolTimer
                                  • API String ID: 1522986614-2707337283
                                  • Opcode ID: b02d7519bf37bc4b38ca8186062a8fc85f913fef5048514e0fa6af22142f2d69
                                  • Instruction ID: 0357531e0f489e902b0b1998063d992bf6dade1131fc4dc42d1f7ffd43f3759d
                                  • Opcode Fuzzy Hash: b02d7519bf37bc4b38ca8186062a8fc85f913fef5048514e0fa6af22142f2d69
                                  • Instruction Fuzzy Hash: 5B21A0B3626B9581EB00EF12E0DC6A937B8F795B94F1A4329EE9B437C1CA74C451C780
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: malloc$_snprintf$_errno_time64freestrtok$_callnewhrealloc
                                  • String ID:
                                  • API String ID: 1314452303-0
                                  • Opcode ID: a14b20026d747f2b5753e6fc705179295a1c2f23b63bad27e5059ac536f54d83
                                  • Instruction ID: d4f5d3474e232213faa74f932009e097786be55a8b4e06659295b2d7d07f7817
                                  • Opcode Fuzzy Hash: a14b20026d747f2b5753e6fc705179295a1c2f23b63bad27e5059ac536f54d83
                                  • Instruction Fuzzy Hash: A0C15A3362A78246FA14FB6594DDBF933B1AB87780F404739A987577C6DEB8C8468700
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
                                  • String ID:
                                  • API String ID: 2887643383-0
                                  • Opcode ID: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
                                  • Instruction ID: 9f74202f165d2e9f3576e5d803967fad67206ce44c8035595b0659e965d9d082
                                  • Opcode Fuzzy Hash: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
                                  • Instruction Fuzzy Hash: 2951613162DA894BE749FB28949A7FD72E1EB98310F50477EE44BC32D7DE24990286C1
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _lock$_calloc_crt_mtinitlocknum
                                  • String ID:
                                  • API String ID: 3962633935-0
                                  • Opcode ID: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
                                  • Instruction ID: b2b1c34f87a8d0e0342d874ddb994a8b4a3c91fc8667973e65566ab364dfe22e
                                  • Opcode Fuzzy Hash: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
                                  • Instruction Fuzzy Hash: A351E57012EA8A8BE754AF19C8893B5B7E0FB54310F51436DD88BC72E2D678D8428782
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free$_errno$_callnewhmalloc
                                  • String ID:
                                  • API String ID: 2761444284-0
                                  • Opcode ID: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
                                  • Instruction ID: 792757db34fff514994725d11eaa56b2cbc0d3be438a810b16274010e7631776
                                  • Opcode Fuzzy Hash: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
                                  • Instruction Fuzzy Hash: E441C63027DB8E4BE759AA2C484A3BA76E5E796354F54463DD887C32C3EE20D80647C1
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
                                  • String ID:
                                  • API String ID: 304646821-0
                                  • Opcode ID: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
                                  • Instruction ID: 80bbc6138dcb3ec9960a8057544116902cf8d731c9b348fd8ff81baa05ab1c7e
                                  • Opcode Fuzzy Hash: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
                                  • Instruction Fuzzy Hash: 5A518030129A8A4FEB98FF18C8897F576E0FB45310F640769D85ACB2DBD678D8818781
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$_snprintffreemalloc$FreeHeap_callnewh_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 343393124-0
                                  • Opcode ID: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
                                  • Instruction ID: 89362a408e7b3b1a648b35e5912bd47ef3d307a551d11106b3362d27f5133f0c
                                  • Opcode Fuzzy Hash: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
                                  • Instruction Fuzzy Hash: 0241733072DA890FE798BB6C651A7F877E2E789310F5446ADD08FC32D6DE249C428785
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$_invalid_parameter_noinfomalloc$fseek$_callnewh_fseek_nolock_ftelli64fclose
                                  • String ID:
                                  • API String ID: 1756087678-0
                                  • Opcode ID: f827565397daa4a866320a6784096609c7711a7c42725b9a2a2b01c24697e092
                                  • Instruction ID: 20cb453c551266fef61bb4aea1e6b43f7fd21c6dd070c7bac9cd7e5fec56d2ef
                                  • Opcode Fuzzy Hash: f827565397daa4a866320a6784096609c7711a7c42725b9a2a2b01c24697e092
                                  • Instruction Fuzzy Hash: 09416D3332E64182EA10FB1294997F97271B78ABD0F908335AE9B57BD6DEB8C5458700
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 1640621425-0
                                  • Opcode ID: f714c1e563aa58d873e3883a1df435710c86d18d380f096712ab5731ea4c4750
                                  • Instruction ID: e17862d91ef6ba3f30f94b5143b4c4ea3d25a103d2a590b03d3000644aaab249
                                  • Opcode Fuzzy Hash: f714c1e563aa58d873e3883a1df435710c86d18d380f096712ab5731ea4c4750
                                  • Instruction Fuzzy Hash: 3B41EB3332A74246FA68AA2255EA3FDB5B1B746FD0F184B309E97477D1D7B4C4558200
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free$_errno$_callnewhmalloc
                                  • String ID:
                                  • API String ID: 2761444284-0
                                  • Opcode ID: 326b315c93b4297f8d1cd44fbd3c536e1a3741d65750285d3f659b19031d268f
                                  • Instruction ID: 16a28c51fbaa5d8aefdaefb1d59e2b77e4413e969ec263e0bd6c02c0dd656265
                                  • Opcode Fuzzy Hash: 326b315c93b4297f8d1cd44fbd3c536e1a3741d65750285d3f659b19031d268f
                                  • Instruction Fuzzy Hash: D741C33323A78642EA15EB2654C8BB976B5B756B88F494334DD57877C1FE78C806C304
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$free$FreeHeap_callnewhfclosefwritemalloc
                                  • String ID:
                                  • API String ID: 415550720-0
                                  • Opcode ID: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
                                  • Instruction ID: a7c3b081b518a869c02ccb123ac62cd083ecfaffbb30b9d354ee5788a8e5df79
                                  • Opcode Fuzzy Hash: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
                                  • Instruction Fuzzy Hash: 04214F3063DE8A4BE794F728845A3FEB2E1FB98340F54067EA54BC32C6ED24D9018781
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 761449704-0
                                  • Opcode ID: 6cfeb8f42d39390d21f7f655b5309285a784ce0f998201f3a4c834a9ff33a05d
                                  • Instruction ID: b829f6f63afc1d5b951b1eb25fe6c7cf1f9795a40dd9f3bb8c7feed39ad5eae6
                                  • Opcode Fuzzy Hash: 6cfeb8f42d39390d21f7f655b5309285a784ce0f998201f3a4c834a9ff33a05d
                                  • Instruction Fuzzy Hash: 8D31A03322938245F615FB6269983F97B716346FD0F484271DEE7077D6DAB8C4929300
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$free$_callnewhfclosefwritemalloc
                                  • String ID:
                                  • API String ID: 1696598829-0
                                  • Opcode ID: 1bdd5497ac55f9ceee01cd46502ea43f72165348b95f2b256c95d8f9a827a5ec
                                  • Instruction ID: ef725ea30366da0a8d1436f4d55665bcdfbdd35326e40c1cb1b3dca04dd929c7
                                  • Opcode Fuzzy Hash: 1bdd5497ac55f9ceee01cd46502ea43f72165348b95f2b256c95d8f9a827a5ec
                                  • Instruction Fuzzy Hash: E711637332E74241EA10F612A09A3FE73A1A786BD4F444735AE9B4B7CADEACC5058740
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _getptd_noexit$__doserrno_errno
                                  • String ID:
                                  • API String ID: 2964073243-0
                                  • Opcode ID: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
                                  • Instruction ID: e7de4fc6c9294c0c14a743bb955237a72a1e981294b135f5754489675467b530
                                  • Opcode Fuzzy Hash: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
                                  • Instruction Fuzzy Hash: FA016D3063F98A4EF759F765C8593F832B0BB12329FA48374A0078B1E2E66C84418712
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _getptd_noexit$__doserrno_errno
                                  • String ID:
                                  • API String ID: 2964073243-0
                                  • Opcode ID: 02e55afb5f5e5304a095475b8354770d2627f5ba6f47f1d288df05a1981eaf7d
                                  • Instruction ID: 8ab898882524005ddfb072e185227be9a9e801e8ec9a6deea6242864876ff12f
                                  • Opcode Fuzzy Hash: 02e55afb5f5e5304a095475b8354770d2627f5ba6f47f1d288df05a1981eaf7d
                                  • Instruction Fuzzy Hash: 7401697773BA4684FA09BB64C8C93FC76719B91B22F998321D52B073D2C6A848618210
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _snprintf
                                  • String ID:
                                  • API String ID: 3512837008-0
                                  • Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                  • Instruction ID: 48f7a22de75de9267d3acc920f5145dd3742a306c4582344b2be8aaa5cdf9e9d
                                  • Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                  • Instruction Fuzzy Hash: 66917F3162CA898FEB54FF18D889BEAB7F5FB95304F100679A447C31D2DA38D9458B81
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _snprintf
                                  • String ID:
                                  • API String ID: 3512837008-0
                                  • Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                  • Instruction ID: 7e176fb8a18dfb9a1b6c184ae24d35d2badbfde6d55717fe72de19e9944bc0fe
                                  • Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                  • Instruction Fuzzy Hash: 6F81393322AB8695EB50EB61D8887E933B1F78A784F840736DA8B137D5DBB8C545C740
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                                  • String ID:
                                  • API String ID: 2026495703-0
                                  • Opcode ID: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
                                  • Instruction ID: 085339021d45c99f398b05a82b28537d84716798e5fea0c3cb8129aa731c236f
                                  • Opcode Fuzzy Hash: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
                                  • Instruction Fuzzy Hash: DF11513063DF454FE7A8EB6CA44A3A976E1E78D710F50466EE09AC33D6EA349C4147C1
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
                                  • String ID:
                                  • API String ID: 634798775-0
                                  • Opcode ID: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
                                  • Instruction ID: ec63e5f07001d7db4f92a4415e7b11e2ad77d538ac96513ca95ed80da7df8b89
                                  • Opcode Fuzzy Hash: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
                                  • Instruction Fuzzy Hash: B351F83022EF4E4BE668796D544E3B571F0E798710F28437FA49BC31E6EA64DC524581
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1dde0bc93da3cc204cab392ef88660b8feabc790641522e6986fd432b01f6e40
                                  • Instruction ID: 41d0ab08498dfc1bfedf1e850a0edf6d095f6aa2c87e5f851c3d9d5827f86836
                                  • Opcode Fuzzy Hash: 1dde0bc93da3cc204cab392ef88660b8feabc790641522e6986fd432b01f6e40
                                  • Instruction Fuzzy Hash: 29617D3322B70286E754AB15A5CD3F833B2A359B55F68473AD98B473E1EBB4C481CB40
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: clock
                                  • String ID:
                                  • API String ID: 3195780754-0
                                  • Opcode ID: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
                                  • Instruction ID: 3d03d75800f394110497975bc62e8b696a41ad38d3f334e2e7429c1a9c8b87a4
                                  • Opcode Fuzzy Hash: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
                                  • Instruction Fuzzy Hash: 5221293165DB8A4FE768FDA894467B6F2E4DB45350F15073DE88793182E9518C4282D1
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: clock
                                  • String ID:
                                  • API String ID: 3195780754-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                  • String ID:
                                  • API String ID: 4151157258-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno$remove$_callnewh_invalid_parameter_noinfo_snprintfmalloc
                                  • String ID:
                                  • API String ID: 2566950902-0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                  • String ID: B
                                  • API String ID: 1812809483-1255198513
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                  • String ID: B
                                  • API String ID: 1812809483-1255198513
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free$_errno$_calloc_implcalloc
                                  • String ID:
                                  • API String ID: 4000150058-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free$_errno$_callnewhmalloc
                                  • String ID:
                                  • API String ID: 2761444284-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531846820.000001F779F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F779F10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779f10000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: malloc
                                  • String ID:
                                  • API String ID: 2803490479-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: free$_errno$_callnewhmalloc
                                  • String ID:
                                  • API String ID: 2761444284-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3531811192.000001F779EB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F779EB0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1f779eb0000_mode11_N1Fz.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: malloc
                                  • String ID:
                                  • API String ID: 2803490479-0