Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
mode11_0HVJ.exe

Overview

General Information

Sample name:mode11_0HVJ.exe
Analysis ID:1583725
MD5:253d6bafccbca3b73532be37524c551e
SHA1:397a0439ade31dc54b5bb288b8cd29ee3480e3e8
SHA256:3625fddc2687c086d6d4a4300b03d4a2492acf8e843697f57830bb40956f495a
Tags:exemalwaretrojanuser-Joker
Infos:

Detection

CobaltStrike
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Performs DNS queries to domains with low reputation
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
IP address seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • mode11_0HVJ.exe (PID: 2828 cmdline: "C:\Users\user\Desktop\mode11_0HVJ.exe" MD5: 253D6BAFCCBCA3B73532BE37524C551E)
    • conhost.exe (PID: 3380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Cobalt Strike, CobaltStrikeCobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTPS"], "Port": 8443, "SleepTime": 12000, "MaxGetSize": 1403642, "Jitter": 60, "C2Server": "632313373.xyz,/js/jquery-3.3.1.min.js", "HttpPostUri": "/post", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 4016 bytes from the beginning", "Base64 decode"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJCQkJCQkJCQ", "Empty"], "ProcInject_PrependAppend_x64": ["kJCQkJCQkJCQ", "Empty"], "ProcInject_Execute": ["ntdll.dll:RtlUserThreadStart", "NtQueueApcThread-s", "SetThreadContext", "CreateRemoteThread", "kernel32.dll:LoadLibraryA", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "False", "HostHeader": "Host: 632313373.xyz\r\n"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_CobaltStrike_2Yara detected CobaltStrikeJoe Security
    00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_CobaltStrikeYara detected CobaltStrikeJoe Security
      00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_CobaltStrike_4Yara detected CobaltStrikeJoe Security
        00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_CobaltStrike_3Yara detected CobaltStrikeJoe Security
          00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmpWindows_Trojan_CobaltStrike_ee756db7Attempts to detect Cobalt Strike based on strings found in BEACONunknown
          • 0x30d60:$a39: %s as %s\%s: %d
          • 0x401e2:$a41: beacon.x64.dll
          • 0x31f70:$a46: %s (admin)
          • 0x30ed8:$a48: %s%s: %s
          • 0x30d8c:$a50: %02d/%02d/%02d %02d:%02d:%02d
          • 0x30db8:$a50: %02d/%02d/%02d %02d:%02d:%02d
          • 0x31fd9:$a51: Content-Length: %d
          Click to see the 20 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.mode11_0HVJ.exe.20cd5140000.11.unpackJoeSecurity_CobaltStrikeYara detected CobaltStrikeJoe Security
            0.2.mode11_0HVJ.exe.20cd5140000.11.unpackJoeSecurity_CobaltStrike_4Yara detected CobaltStrikeJoe Security
              0.2.mode11_0HVJ.exe.20cd5140000.11.unpackJoeSecurity_CobaltStrike_3Yara detected CobaltStrikeJoe Security
                0.2.mode11_0HVJ.exe.20cd5140000.11.unpackWindows_Trojan_CobaltStrike_663fc95dIdentifies CobaltStrike via unidentified function codeunknown
                • 0x1c13c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
                0.2.mode11_0HVJ.exe.20cd5140000.11.unpackWindows_Trojan_CobaltStrike_f0b627fcRule for beacon reflective loaderunknown
                • 0x17d6a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
                • 0x1909b:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
                Click to see the 15 entries

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js$RAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsa69?Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06HAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderTAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderLAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jss1Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsLAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsHAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js23.140.1.2.11.3.6.1.5.5.7.3.11.3.6.1.5.5.7.3.21.3.6Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsTAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/softAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnRAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsPAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/;Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder8Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/DAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsjAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js6.1.0Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdc66f220428Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/#Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/4Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsJSbAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jstRAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3/Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder(Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnt:Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js8Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsd/Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdezAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderzAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsVEZ/Avira URL Cloud: Label: malware
                Source: https://632313373.xyz/Avira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.js2RzAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderpAvira URL Cloud: Label: malware
                Source: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderAvira URL Cloud: Label: malware
                Source: 632313373.xyzAvira URL Cloud: Label: malware
                Found malware configuration
                Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 8443, "SleepTime": 12000, "MaxGetSize": 1403642, "Jitter": 60, "C2Server": "632313373.xyz,/js/jquery-3.3.1.min.js", "HttpPostUri": "/post", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 4016 bytes from the beginning", "Base64 decode"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJCQkJCQkJCQ", "Empty"], "ProcInject_PrependAppend_x64": ["kJCQkJCQkJCQ", "Empty"], "ProcInject_Execute": ["ntdll.dll:RtlUserThreadStart", "NtQueueApcThread-s", "SetThreadContext", "CreateRemoteThread", "kernel32.dll:LoadLibraryA", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "False", "HostHeader": "Host: 632313373.xyz\r\n"}
                Multi AV Scanner detection for submitted file
                Source: mode11_0HVJ.exeVirustotal: Detection: 22%Perma Link
                Source: mode11_0HVJ.exeReversingLabs: Detection: 15%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
                Source: mode11_0HVJ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

                Networking

                barindex
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: 632313373.xyz
                Performs DNS queries to domains with low reputation
                Source: DNS query: 632313373.xyz
                Source: global trafficTCP traffic: 192.168.2.6:49712 -> 188.114.96.3:8443
                Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD694E68C _snprintf,_snprintf,_snprintf,InternetQueryDataAvailable,InternetReadFile,InternetCloseHandle,0_2_0000020CD694E68C
                Source: global trafficDNS traffic detected: DNS query: 632313373.xyz
                Source: mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c.pki.goog/r/gsr1.crl0
                Source: mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276227424.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE26000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c.pki.goog/r/r4.crl0
                Source: mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c.pki.goog/we1/PCUeQViQlYc.crl0
                Source: mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://i.pki.goog/gsr1.crt0-
                Source: mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276227424.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE26000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://i.pki.goog/r4.crt0
                Source: mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://i.pki.goog/we1.crt0
                Source: mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://o.pki.goog/s/we1/lk00%
                Source: mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz/
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/#
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/4
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/;
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/D
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js
                Source: mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js$R
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js23.140.1.2.11.3.6.1.5.5.7.3.11.3.6.1.5.5.7.3.21.3.6
                Source: mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js2Rz
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3/
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06H
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js6.1.0
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.js8
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsD
                Source: mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsH
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsJSb
                Source: mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsL
                Source: mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsP
                Source: mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsT
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsVEZ/
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsa69?
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsd
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsd/
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdc66f220428
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder
                Source: mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder(
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder8
                Source: mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderL
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderT
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderp
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderz
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdez
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsh
                Source: mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsj
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnR
                Source: mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnt:
                Source: mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jsp
                Source: mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jss1
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jst
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/js/jquery-3.3.1.min.jstR
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://632313373.xyz:8443/soft
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/what?indextype=1&__cfduid=
                Source: mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC3000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/what?indextype=1&__cfduid=iZutOoz8VIbmW2JLwtU8s4CZ2zyz0rN1h0jjQK6RieH4Jo2QhA0

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
                Source: 0.2.mode11_0HVJ.exe.c000102000.7.raw.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                Source: 0.2.mode11_0HVJ.exe.c000102000.7.raw.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
                Source: 0.2.mode11_0HVJ.exe.c000102000.7.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 Author: unknown
                Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
                Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
                Source: Process Memory Space: mode11_0HVJ.exe PID: 2828, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD515F5A80_2_0000020CD515F5A8
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD516E6000_2_0000020CD516E600
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD514CE3C0_2_0000020CD514CE3C
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD51496800_2_0000020CD5149680
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD516C6800_2_0000020CD516C680
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD516B7B00_2_0000020CD516B7B0
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD516CFF00_2_0000020CD516CFF0
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD5156F380_2_0000020CD5156F38
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD51612640_2_0000020CD5161264
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD51619280_2_0000020CD5161928
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD51659140_2_0000020CD5165914
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD514916C0_2_0000020CD514916C
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD516239C0_2_0000020CD516239C
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD516C3970_2_0000020CD516C397
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD516AAB00_2_0000020CD516AAB0
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD51503340_2_0000020CD5150334
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD51603740_2_0000020CD5160374
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD6962F9C0_2_0000020CD6962F9C
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD69625280_2_0000020CD6962528
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD6961E640_2_0000020CD6961E64
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD6957B380_2_0000020CD6957B38
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD696DBF00_2_0000020CD696DBF0
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD696D2800_2_0000020CD696D280
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD69601A80_2_0000020CD69601A8
                Source: mode11_0HVJ.exeStatic PE information: Number of sections : 15 > 10
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                Source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                Source: 0.2.mode11_0HVJ.exe.c000102000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                Source: 0.2.mode11_0HVJ.exe.c000102000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
                Source: 0.2.mode11_0HVJ.exe.c000102000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
                Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
                Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                Source: Process Memory Space: mode11_0HVJ.exe PID: 2828, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                Source: mode11_0HVJ.exeStatic PE information: Section: /19 ZLIB complexity 0.9997477946696697
                Source: mode11_0HVJ.exeStatic PE information: Section: /32 ZLIB complexity 0.9919834421641791
                Source: mode11_0HVJ.exeStatic PE information: Section: /65 ZLIB complexity 1.0002253605769231
                Source: mode11_0HVJ.exeStatic PE information: Section: /78 ZLIB complexity 0.9947857481060606
                Source: classification engineClassification label: mal100.troj.winEXE@2/0@1/1
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3380:120:WilError_03
                Source: mode11_0HVJ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: mode11_0HVJ.exeVirustotal: Detection: 22%
                Source: mode11_0HVJ.exeReversingLabs: Detection: 15%
                Source: mode11_0HVJ.exeString found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoned" not supported for cpu option "MapIter.Value called before Nextuse of closed network connectioncrypto/aes: output not full blockCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPointWInitializeProcThreadAttributeListSetupDiGetDeviceRegistryPropertyWSetupDiSetDeviceRegistryPropertyW142108547152020037174224853515625710542735760100185871124267578125too many levels of symbolic linksslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangeGODEBUG: no value specified for "reflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangewaiting for unsupported file typecrypto/aes: invalid buffer overlapillegal base64 data at input byte CM_Get_Device_Interface_List_SizeWSetFileCompletionNotificationModes3552713678800500929355621337890625too many references: cannot spliceslice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notreflect: Field of non-struct type reflect: Field index out of boundsreflect: string index out of rangeunexpected runtime.netpoll error: encoding/hex: odd length hex stringSubscribeServiceChangeNotifications1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9network dropped connection on resettransport endpoint is not connectedpersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid
                Source: mode11_0HVJ.exeString found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoned" not supported for cpu option "MapIter.Value called before Nextuse of closed network connectioncrypto/aes: output not full blockCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPointWInitializeProcThreadAttributeListSetupDiGetDeviceRegistryPropertyWSetupDiSetDeviceRegistryPropertyW142108547152020037174224853515625710542735760100185871124267578125too many levels of symbolic linksslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangeGODEBUG: no value specified for "reflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangewaiting for unsupported file typecrypto/aes: invalid buffer overlapillegal base64 data at input byte CM_Get_Device_Interface_List_SizeWSetFileCompletionNotificationModes3552713678800500929355621337890625too many references: cannot spliceslice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notreflect: Field of non-struct type reflect: Field index out of boundsreflect: string index out of rangeunexpected runtime.netpoll error: encoding/hex: odd length hex stringSubscribeServiceChangeNotifications1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9network dropped connection on resettransport endpoint is not connectedpersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid
                Source: mode11_0HVJ.exeString found in binary or memory: net/addrselect.go
                Source: unknownProcess created: C:\Users\user\Desktop\mode11_0HVJ.exe "C:\Users\user\Desktop\mode11_0HVJ.exe"
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                Source: mode11_0HVJ.exeStatic file information: File size 4929024 > 1048576
                Source: mode11_0HVJ.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2dac00
                Source: mode11_0HVJ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: mode11_0HVJ.exeStatic PE information: section name: .xdata
                Source: mode11_0HVJ.exeStatic PE information: section name: /4
                Source: mode11_0HVJ.exeStatic PE information: section name: /19
                Source: mode11_0HVJ.exeStatic PE information: section name: /32
                Source: mode11_0HVJ.exeStatic PE information: section name: /46
                Source: mode11_0HVJ.exeStatic PE information: section name: /65
                Source: mode11_0HVJ.exeStatic PE information: section name: /78
                Source: mode11_0HVJ.exeStatic PE information: section name: /90
                Source: mode11_0HVJ.exeStatic PE information: section name: .symtab
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD517776C push 0000006Ah; retf 0_2_0000020CD5177784
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD694A71E push cs; retf 0_2_0000020CD694A71F
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD696B84F push ebp; iretd 0_2_0000020CD696B850
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD696B86F push ebp; iretd 0_2_0000020CD696B870
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD694BD58 push ebp; iretd 0_2_0000020CD694BD59
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD694A35D push edi; iretd 0_2_0000020CD694A35E
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD69703FC push ebp; iretd 0_2_0000020CD6970401
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD694C91C pushad ; retf 0_2_0000020CD694C91D
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD696B898 push ebp; iretd 0_2_0000020CD696B899
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD6950901 push ebx; iretd 0_2_0000020CD6950902
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpQ
                Source: mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWK
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeCode function: 0_2_0000020CD6955E28 GetUserNameA,strrchr,_snprintf,0_2_0000020CD6955E28
                Source: C:\Users\user\Desktop\mode11_0HVJ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Remote Access Functionality

                barindex
                Yara detected CobaltStrike
                Source: Yara matchFile source: 0.2.mode11_0HVJ.exe.20cd5140000.11.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.mode11_0HVJ.exe.c000102000.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: mode11_0HVJ.exe PID: 2828, type: MEMORYSTR
                Source: Yara matchFile source: 0.2.mode11_0HVJ.exe.20cd5140000.11.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                Command and Scripting Interpreter                		1
                DLL Side-Loading                		1
                Process Injection                		1
                Process Injection                		OS Credential Dumping1
                Security Software Discovery                		Remote Services1
                Archive Collected Data                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		1
                Obfuscated Files or Information                		LSASS Memory1
                Account Discovery                		Remote Desktop ProtocolData from Removable Media1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                Software Packing                		Security Account Manager1
                System Owner/User Discovery                		SMB/Windows Admin SharesData from Network Shared Drive1
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                DLL Side-Loading                		NTDS2
                System Information Discovery                		Distributed Component Object ModelInput Capture1
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsInternet Connection DiscoverySSHKeylogging11
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                mode11_0HVJ.exe22%VirustotalBrowse
                mode11_0HVJ.exe16%ReversingLabs

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsd100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js$R100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsa69?100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06H100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderT100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderL100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jss1100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsL100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsH100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js23.140.1.2.11.3.6.1.5.5.7.3.11.3.6.1.5.5.7.3.21.3.6100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsT100%Avira URL Cloudmalware
                https://632313373.xyz:8443/soft100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnR100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsP100%Avira URL Cloudmalware
                https://632313373.xyz:8443/;100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder8100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js100%Avira URL Cloudmalware
                https://632313373.xyz:8443/D100%Avira URL Cloudmalware
                https://632313373.xyz:8443/100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsj100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js6.1.0100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdc66f220428100%Avira URL Cloudmalware
                https://632313373.xyz:8443/#100%Avira URL Cloudmalware
                https://632313373.xyz:8443/4100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsJSb100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jstR100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js3/100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder(100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnt:100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js8100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsd/100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdez100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderz100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsVEZ/100%Avira URL Cloudmalware
                https://632313373.xyz/100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.js2Rz100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderp100%Avira URL Cloudmalware
                https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder100%Avira URL Cloudmalware
                632313373.xyz100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                632313373.xyz
                		188.114.96.3
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  632313373.xyztrue
                  • Avira URL Cloud: malware
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderTmode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  		unknown
                  http://o.pki.goog/s/we1/lk00%mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.js$Rmode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jsa69?mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdmode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderLmode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06Hmode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jsLmode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jss1mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jsHmode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.js23.140.1.2.11.3.6.1.5.5.7.3.11.3.6.1.5.5.7.3.21.3.6mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jsTmode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/softmode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://632313373.xyz:8443/js/jquery-3.3.1.min.jsPmode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://www.google.com/what?indextype=1&__cfduid=mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnRmode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://632313373.xyz:8443/;mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder8mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsmode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://632313373.xyz:8443/mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://632313373.xyz:8443/Dmode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://c.pki.goog/r/r4.crl0mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276227424.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE26000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://i.pki.goog/r4.crt0mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276227424.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE26000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://632313373.xyz:8443/js/jquery-3.3.1.min.jsjmode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          https://632313373.xyz:8443/js/jquery-3.3.1.min.js6.1.0mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdc66f220428mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          https://632313373.xyz:8443/js/jquery-3.3.1.min.jshmode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://632313373.xyz:8443/js/jquery-3.3.1.min.jstmode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://www.google.com/what?indextype=1&__cfduid=iZutOoz8VIbmW2JLwtU8s4CZ2zyz0rN1h0jjQK6RieH4Jo2QhA0mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC3000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://632313373.xyz:8443/4mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                https://632313373.xyz:8443/js/jquery-3.3.1.min.jspmode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://632313373.xyz:8443/#mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://632313373.xyz:8443/js/jquery-3.3.1.min.jsJSbmode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://i.pki.goog/we1.crt0mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://632313373.xyz:8443/js/jquery-3.3.1.min.js3011b87bd06mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://c.pki.goog/r/gsr1.crl0mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jstRmode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://632313373.xyz:8443/js/jquery-3.3.1.min.js3/mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsder(mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsnt:mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://632313373.xyz:8443/js/jquery-3.3.1.min.js8mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsd/mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderzmode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://c.pki.goog/we1/PCUeQViQlYc.crl0mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDE4000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://632313373.xyz:8443/js/jquery-3.3.1.min.jsDmode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://i.pki.goog/gsr1.crt0-mode11_0HVJ.exe, 00000000.00000003.2211740532.0000020C8FE2B000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900653373.0000020C8FE34000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FD5C000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2598153642.0000020C8FE33000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699718665.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FE32000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2276135170.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2312173206.0000020C8FE2A000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FE28000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2699773172.0000020C8FE31000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2210757341.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdezmode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://632313373.xyz:8443/js/jquery-3.3.1.min.jsVEZ/mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://632313373.xyz/mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://632313373.xyz:8443/js/jquery-3.3.1.min.js2Rzmode11_0HVJ.exe, 00000000.00000003.2329065681.0000020C8FDC5000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000002.3419387618.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmp, mode11_0HVJ.exe, 00000000.00000003.2469201722.0000020C8FDC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://632313373.xyz:8443/js/jquery-3.3.1.min.jsderpmode11_0HVJ.exe, 00000000.00000003.2900521620.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://632313373.xyz:8443/js/jquery-3.3.1.min.jsdermode11_0HVJ.exe, 00000000.00000003.2469092679.0000020C8FDF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            188.114.96.3
                                            		632313373.xyzEuropean Union
                                            		13335CLOUDFLARENETUSfalse

                                            General Information

                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1583725
                                            Start date and time:2025-01-03 13:09:22 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 4m 41s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:6
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:mode11_0HVJ.exe
                                            Detection:MAL
                                            Classification:mal100.troj.winEXE@2/0@1/1
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HCA Information:Failed
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe

                                            Warnings

                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                            • Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200
                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            07:10:22API Interceptor60x Sleep call for process: mode11_0HVJ.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            188.114.96.3Gg6wivFINd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                            • unasnetds.ru/eternalPython_RequestUpdateprocessAuthSqlTrafficTemporary.php
                                            QUOTATION_NOVQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                            • filetransfer.io/data-package/u7ghXEYp/download
                                            CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                            • www.mffnow.info/1a34/
                                            A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                            • www.mydreamdeal.click/1ag2/
                                            SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                            • www.questmatch.pro/ipd6/
                                            QUOTATION_NOVQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                            • filetransfer.io/data-package/I7fmQg9d/download
                                            need quotations.exeGet hashmaliciousFormBookBrowse
                                            • www.rtpwslot888gol.sbs/jmkz/
                                            QUOTATION_NOVQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                            • filetransfer.io/data-package/Bh1Kj4RD/download
                                            http://kklk16.bsyo45ksda.topGet hashmaliciousUnknownBrowse
                                            • kklk16.bsyo45ksda.top/favicon.ico
                                            QUOTATION_NOVQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                                            • filetransfer.io/data-package/XrlEIxYp/download

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            632313373.xyzmode11_AKUh.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            mode11_qLf2.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.97.3
                                            mode11_UVo6.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            mode11_buqd.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            mode11_N1Fz.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            m.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.97.3
                                            svchostinter.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 172.67.175.230

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            CLOUDFLARENETUShttps://goatstuff.sbs/re5.mp4Get hashmaliciousUnknownBrowse
                                            • 188.114.96.3
                                            mode11_AKUh.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            mode11_qLf2.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.97.3
                                            mode11_UVo6.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            mode11_buqd.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            mode11_N1Fz.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.96.3
                                            http://t1.awagama2.orgGet hashmaliciousUnknownBrowse
                                            • 188.114.96.3
                                            m.exeGet hashmaliciousCobaltStrikeBrowse
                                            • 188.114.97.3
                                            http://www.escudier-sas.frGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 104.18.11.207
                                            Gg6wivFINd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                            • 188.114.96.3

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            No created / dropped files found

                                            Static File Info

                                            General

                                            File type:PE32+ executable (console) x86-64, for MS Windows
                                            Entropy (8bit):7.091689249175029
                                            TrID:
                                            • Win64 Executable Console (202006/5) 92.65%
                                            • Win64 Executable (generic) (12005/4) 5.51%
                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                            • DOS Executable Generic (2002/1) 0.92%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:mode11_0HVJ.exe
                                            File size:4'929'024 bytes
                                            MD5:253d6bafccbca3b73532be37524c551e
                                            SHA1:397a0439ade31dc54b5bb288b8cd29ee3480e3e8
                                            SHA256:3625fddc2687c086d6d4a4300b03d4a2492acf8e843697f57830bb40956f495a
                                            SHA512:0cb0cd8b32b3085e4746237e85334358562e7c9fb6aad57a352e3083912782bfdd1722fdc59e0b7f62831ea5ece8049610a02d8b4554e4cb0bd44768a08e6408
                                            SSDEEP:49152:tNRXQ7qCnFXnjjC4mkZMyITWt1U4yP21Qsq8VT/0+2Tw20QiaFs/pSimp3ZSbQu8:tkDNSdspSfp34M
                                            TLSH:F836DF0B6CE118B9C0A993328AB756967A71BC090F3263D72E50B37C3F76BD49936744
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........FI......."..........n................@..............................@P...........`... ............................

                                            File Icon

                                            Icon Hash:00928e8e8686b000

                                            Static PE Info

                                            General

                                            Entrypoint:0x46ec80
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows cui
                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:6
                                            OS Version Minor:1
                                            File Version Major:6
                                            File Version Minor:1
                                            Subsystem Version Major:6
                                            Subsystem Version Minor:1
                                            Import Hash:d42595b695fc008ef2c56aabd8efd68e

                                            Entrypoint Preview

                                            Instruction
                                            jmp 00007FC965052830h
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            push ebp
                                            dec eax
                                            mov ebp, esp
                                            pushfd
                                            cld
                                            dec eax
                                            sub esp, 000000E0h
                                            dec eax
                                            mov dword ptr [esp], edi
                                            dec eax
                                            mov dword ptr [esp+08h], esi
                                            dec eax
                                            mov dword ptr [esp+10h], ebp
                                            dec eax
                                            mov dword ptr [esp+18h], ebx
                                            dec esp
                                            mov dword ptr [esp+20h], esp
                                            dec esp
                                            mov dword ptr [esp+28h], ebp
                                            dec esp
                                            mov dword ptr [esp+30h], esi
                                            dec esp
                                            mov dword ptr [esp+38h], edi
                                            movups dqword ptr [esp+40h], xmm6
                                            movups dqword ptr [esp+50h], xmm7
                                            inc esp
                                            movups dqword ptr [esp+60h], xmm0
                                            inc esp
                                            movups dqword ptr [esp+70h], xmm1
                                            inc esp
                                            movups dqword ptr [esp+00000080h], xmm2
                                            inc esp
                                            movups dqword ptr [esp+00000090h], xmm3
                                            inc esp
                                            movups dqword ptr [esp+000000A0h], xmm4
                                            inc esp
                                            movups dqword ptr [esp+000000B0h], xmm5
                                            inc esp
                                            movups dqword ptr [esp+000000C0h], xmm6
                                            inc esp
                                            movups dqword ptr [esp+000000D0h], xmm7
                                            inc ebp
                                            xorps xmm7, xmm7
                                            dec ebp
                                            xor esi, esi
                                            dec eax
                                            mov eax, dword ptr [003857B2h]
                                            dec eax
                                            mov eax, dword ptr [eax]
                                            dec eax
                                            cmp eax, 00000000h
                                            je 00007FC9650560D5h
                                            dec esp
                                            mov esi, dword ptr [eax]
                                            dec eax
                                            sub esp, 10h
                                            dec eax
                                            mov eax, ecx
                                            dec eax
                                            mov ebx, edx
                                            call 00007FC9650606ABh

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x4df0000x53e.idata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x3f80000x5370.pdata
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x4e00000x4998.reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x3981400x178.data
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x10000xbbbfc0xbbc009b40834ed2e69274deb800e3b3a91897False0.4750775008322237data6.26549165766643IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata0xbd0000x2daa600x2dac00416a06f6e21ea23d71d9f391279e8de7unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data0x3980000x5fde00x16e00dc565111c4c109cef9d379a17c4fb6bcFalse0.2851775956284153data3.198521971018934IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .pdata0x3f80000x53700x5400fc3b99f47d06069d9ec70b0231e784c4False0.4015997023809524data5.217699495435684IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .xdata0x3fe0000xb40x200d5a432b15ea1de5871ba1b040f244088False0.228515625shared library1.787112262798912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            /40x3ff0000x14c0x200aaf28638a5fca2ae9b61c2d0ecb5c6e7False0.697265625data5.610479515469117IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            /190x4000000x299690x29a00e4e4b22a80efee8001a05401f31863c6False0.9997477946696697data7.995589767944992IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            /320x42a0000x84ff0x8600582b1e7243dd782f942e6c77d340b256False0.9919834421641791data7.930104690064365IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            /460x4330000x180x20087b999fb861257d2ce3244b153dfddd2False0.05859375data0.44028372993819864IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            /650x4340000x71bb70x71c00319bdaa6a6e6ebb755bde0cb6e7b24eaFalse1.0002253605769231data7.9978144848687345IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            /780x4a60000x292540x29400df4dc3e2c58412dbce7562f34bd85fb9False0.9947857481060606data7.989700372903226IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            /900x4d00000xee160xf000e560c8c21e47c6e8d33053503c1909ccFalse0.968505859375data7.794718211622298IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            .idata0x4df0000x53e0x600f5afad0703f2aeb60342cd8fa783751cFalse0.3763020833333333OpenPGP Public Key4.0016344153043475IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .reloc0x4e00000x49980x4a0046f2016ce2e595f91dd55afddd06a0e6False0.31228885135135137data5.410806733395624IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            .symtab0x4e50000x1eef50x1f0004fbe8d8324a78a4485e900baca1512deFalse0.2525516633064516data5.0904301587464555IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Imports

                                            DLLImport
                                            kernel32.dllWriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, RtlVirtualUnwind, RtlLookupFunctionEntry, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler, AddVectoredContinueHandler

                                            Network Behavior

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 3, 2025 13:10:21.675982952 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:21.680810928 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:21.680974007 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:21.717068911 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:21.721911907 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:22.158802032 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:22.158821106 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:22.158832073 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:22.158972979 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:22.186381102 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:22.191241980 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:22.284476042 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:22.286314011 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:22.341087103 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:22.346055031 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.490922928 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.490937948 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.490942955 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.490948915 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.490962029 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.490967989 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.490972996 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.491034985 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:23.491085052 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:23.491092920 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.491499901 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:23.597712994 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:23.603269100 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:23.605150938 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:23.613311052 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:23.618849039 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:24.082591057 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:24.085131884 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:24.085771084 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:24.086833954 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:24.090590000 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:24.091671944 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:25.188700914 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:25.188724041 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:25.188740015 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:25.188751936 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:25.188764095 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:25.188776016 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:25.188781977 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:25.188810110 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:25.188854933 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.160017967 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.160671949 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.165014029 CET844349712188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:30.165083885 CET497128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.165559053 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:30.165633917 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.165894985 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.170687914 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:30.649770021 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:30.649867058 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.650583982 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.651642084 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:30.655350924 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:30.656450987 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.728828907 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.728852034 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.728863001 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.728873968 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.728885889 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.728895903 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.728950977 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:31.728984118 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:31.847150087 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:31.847558975 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:31.852082014 CET844349713188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.852154970 CET497138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:31.852375031 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:31.852437973 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:31.852670908 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:31.857470036 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:32.298821926 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:32.299009085 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:32.299631119 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:32.300920963 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:32.304409981 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:32.305643082 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.421896935 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.421946049 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.421957016 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.421973944 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.421973944 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.421987057 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.421998978 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.422000885 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.422044039 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.534724951 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.535288095 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.539592981 CET844349731188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.539680004 CET497318443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.540132999 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:33.540203094 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.540488958 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:33.545305967 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:34.014961958 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:34.015110970 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:34.210437059 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:34.211895943 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:34.215189934 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:34.216689110 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332762957 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332776070 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332791090 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332803965 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332813025 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332827091 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332838058 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.332853079 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.332906008 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.456576109 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.457161903 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.461546898 CET844349743188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.461606979 CET497438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.461970091 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.462038040 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.462236881 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.467010975 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.916841984 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.916968107 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.917490959 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.918559074 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:35.922306061 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:35.923366070 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021739006 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021749973 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021768093 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021776915 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021794081 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021802902 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021814108 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021826029 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.021851063 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.021898031 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.148689032 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.149209023 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.153691053 CET844349758188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.153752089 CET497588443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.154041052 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.154107094 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.154393911 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.159255028 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.619693995 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.623327971 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.623677015 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.624739885 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:37.628536940 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:37.629511118 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.773473978 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.773542881 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.773551941 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.773555994 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:38.773556948 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.773561954 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.773566961 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.773617029 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:38.903932095 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:38.904587984 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:38.908865929 CET844349769188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.908934116 CET497698443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:38.909337997 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:38.909394026 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:38.909822941 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:38.914601088 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:39.381036997 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:39.381098032 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:39.381750107 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:39.383124113 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:39.386503935 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:39.387866974 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.477722883 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.477744102 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.477756023 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.477766991 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.477778912 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.477818012 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.477873087 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.569256067 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.569331884 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.679923058 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.680345058 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.684945107 CET844349780188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.685012102 CET497808443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.685292959 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:40.685894966 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.686209917 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:40.690993071 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:41.158982992 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:41.159055948 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:41.159593105 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:41.160881996 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:41.164393902 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:41.165654898 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.258183002 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.258196115 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.258202076 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.258213997 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.258224010 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.258234978 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.258378029 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.368485928 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.368926048 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.373570919 CET844349794188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.373706102 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.375614882 CET497948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.375621080 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.375621080 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.380439997 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.849298000 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.853183031 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.853476048 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.854521036 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:42.858273029 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:42.859340906 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:43.946373940 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:43.946403027 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:43.946413994 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:43.946424007 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:43.946434021 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:43.946506977 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:43.946549892 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.038624048 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:44.038707018 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.149892092 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.150682926 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.155066967 CET844349810188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:44.155121088 CET498108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.155659914 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:44.155723095 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.156071901 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.161012888 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:44.617834091 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:44.618022919 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.618495941 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.619604111 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:44.623287916 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:44.624335051 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.766336918 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.766355991 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.766369104 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.766379118 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.766388893 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.766423941 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:45.766447067 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:45.856096983 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.856177092 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:45.962392092 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:45.962796926 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:45.967302084 CET844349821188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.967366934 CET498218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:45.967807055 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:45.967859983 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:46.017582893 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:46.022516012 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:46.484095097 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:46.484152079 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:46.485035896 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:46.487149000 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:46.489797115 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:46.491920948 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597249031 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597271919 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597292900 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597310066 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.597337008 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.597342968 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.597359896 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597371101 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597382069 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597393036 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.597407103 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.597455978 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.712249041 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.712667942 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.717231989 CET844349832188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.717293024 CET498328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.717467070 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:47.717530966 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.717715979 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:47.722505093 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:48.168679953 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:48.168742895 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:48.169497013 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:48.170721054 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:48.174206018 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:48.175503016 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.265762091 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.265821934 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.265921116 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.265932083 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.265942097 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.265952110 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.265963078 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.265985012 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.266015053 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.368689060 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.369256020 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.373635054 CET844349845188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.373758078 CET498458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.374085903 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.374242067 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.374465942 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.379230022 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.849148989 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.849245071 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.849606037 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.850646973 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:49.854321957 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:49.855389118 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:50.921556950 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:50.921577930 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:50.921590090 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:50.921600103 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:50.921612024 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:50.921623945 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:50.921677113 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:50.921737909 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.025007010 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.029923916 CET844349859188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:51.029987097 CET498598443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.039582968 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.044523954 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:51.044605017 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.044845104 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.049602032 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:51.595729113 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:51.595798016 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.596215963 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.597151995 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:51.601015091 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:51.601907015 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696702957 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696724892 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696734905 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696758032 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696778059 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.696780920 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696793079 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696801901 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.696820974 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.696834087 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.696862936 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.806154966 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.806552887 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.811125040 CET844349870188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.811394930 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:52.811445951 CET498708443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.811486006 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.811661959 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:52.817826033 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:53.268954992 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:53.269016981 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:53.269505024 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:53.270425081 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:53.274285078 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:53.275228977 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.381890059 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.381903887 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.381915092 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.381923914 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.381934881 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.381944895 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.381983042 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.382024050 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.493622065 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.494122982 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.498666048 CET844349881188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.498732090 CET498818443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.498944044 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.499017954 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.499262094 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.504025936 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.955089092 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.955169916 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.955530882 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.956549883 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:54.960813999 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:54.961961985 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058271885 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058351040 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.058361053 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058372021 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058382034 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058392048 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058403969 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058404922 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.058412075 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.058430910 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.058465958 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.165415049 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.165894985 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.170409918 CET844349894188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.170474052 CET498948443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.170633078 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.170706987 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.170908928 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.175662041 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.645814896 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.645874977 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.646119118 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.646977901 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:56.650873899 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:56.651801109 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.743987083 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.744003057 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.744045973 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.744055986 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.744066954 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.744077921 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.744103909 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.744103909 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.744143009 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.853022099 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.853513002 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.858011961 CET844349907188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.858074903 CET499078443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.858305931 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:57.858366966 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.858581066 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:57.863320112 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:58.319677114 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:58.319762945 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:58.320338011 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:58.321645021 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:58.325104952 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:58.326467037 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.386349916 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.386364937 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.386374950 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.386384964 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.386395931 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.386405945 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.386408091 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.386436939 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.386476994 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.515810013 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.520767927 CET844349919188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.520865917 CET499198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.523577929 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.528404951 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.528495073 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.543931961 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.548820019 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.983577967 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.983658075 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.984389067 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.985945940 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:10:59.989176035 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:10:59.990761042 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131438017 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131453037 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131465912 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131477118 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131488085 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131494045 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.131500959 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131516933 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.131536007 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.131669044 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.244342089 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.245142937 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.249310017 CET844349930188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.249363899 CET499308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.249908924 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.249972105 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.250350952 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.256123066 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.705399036 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:01.705600977 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.705991983 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:01.706986904 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:02.008950949 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:02.618284941 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:02.739695072 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:02.739752054 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:02.740053892 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:02.740104914 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:02.740390062 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:02.740443945 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:02.740778923 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:02.740787983 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:02.740796089 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:02.741590023 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.820559025 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.820617914 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.820628881 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.820640087 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.820651054 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.820668936 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.820678949 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.820679903 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.820733070 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.931143045 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.936181068 CET844349940188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.936685085 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.936717987 CET499408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.941519022 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:03.941617012 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.941925049 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:03.946719885 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:04.387512922 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:04.387602091 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:04.388010979 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:04.388860941 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:04.392738104 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:04.393696070 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464581966 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464617014 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464627981 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464646101 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.464656115 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464669943 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.464670897 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464684010 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464694023 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.464706898 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.464740992 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.572021008 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.572602034 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.577413082 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.577567101 CET844349951188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:05.577591896 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.577621937 CET499518443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.577893019 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:05.582674026 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:06.052082062 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:06.052155018 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:06.052439928 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:06.053374052 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:06.057208061 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:06.058201075 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.174592018 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.174607992 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.174618959 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.174629927 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.174643040 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.174649000 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.174714088 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.174762964 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.290477037 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.290987015 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.296407938 CET844349966188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.296878099 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.296953917 CET499668443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.297002077 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.297287941 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.302983999 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.748347044 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.748449087 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.748876095 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.749912977 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:07.754620075 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:07.754875898 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.855437040 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.855500937 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.855504990 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.855515957 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.855525970 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.855540037 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.855549097 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.855550051 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.855572939 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.855603933 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.962568998 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.963037968 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.967441082 CET844349977188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.967549086 CET499778443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.967761993 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:08.967839003 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.968075991 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:08.973836899 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:09.414465904 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:09.414525986 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:09.414851904 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:09.416443110 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:09.419645071 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:09.421191931 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539659977 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539674044 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539684057 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539740086 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539751053 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539761066 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539768934 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.539860010 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:10.539921999 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:10.650064945 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:10.650532961 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:10.655014038 CET844349988188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.655137062 CET499888443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:10.655302048 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:10.655364990 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:10.656410933 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:10.661195040 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:11.113589048 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:11.113679886 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:11.114089966 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:11.117305994 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:11.118820906 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:11.122117043 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.221741915 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.221755981 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.221766949 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.221776009 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.221787930 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.221796989 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.221859932 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.221918106 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.322568893 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.322666883 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.436045885 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.436522007 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.441242933 CET844349999188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.441343069 CET499998443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.441390038 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.441478014 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.444247961 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.449179888 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.886981010 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.889250994 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.889672041 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.890587091 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:12.894444942 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:12.895350933 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:13.976080894 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:13.976114988 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:13.976125956 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:13.976136923 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:13.976171970 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:13.976175070 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:13.976200104 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:13.976212978 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:13.976262093 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.087668896 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.092689037 CET844350008188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:14.092758894 CET500088443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.095129967 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.099908113 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:14.099992037 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.100279093 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.105067968 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:14.546255112 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:14.546318054 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.552541971 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.557358980 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:14.564542055 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:14.569329977 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.638982058 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.639008045 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.639050961 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:15.639054060 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.639082909 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:15.639105082 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.639122009 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.639128923 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:15.639134884 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.639143944 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:15.639148951 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:15.639166117 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:15.639193058 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.478333950 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.478844881 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.483273983 CET844350009188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:20.483385086 CET500098443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.483624935 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:20.483709097 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.484042883 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.488822937 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:20.930362940 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:20.930496931 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.931058884 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.932059050 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:20.935812950 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:20.936819077 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045557976 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045620918 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045629978 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045635939 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045640945 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045651913 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045656919 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.045687914 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.045805931 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.149923086 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.150430918 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.155023098 CET844350010188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.155102015 CET500108443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.155244112 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.155320883 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.155581951 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.160327911 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.629740953 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.629913092 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.630302906 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.631344080 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:22.635118961 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:22.636148930 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727230072 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727264881 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727277994 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727288008 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727288961 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.727299929 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727315903 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727329016 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.727333069 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.727344036 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.727366924 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.861886024 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.869968891 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.874818087 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.874888897 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.881104946 CET844350012188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:23.881181955 CET500128443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.895405054 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:23.900980949 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:24.337979078 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:24.338040113 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:24.338581085 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:24.339692116 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:24.343317986 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:24.344449997 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.430869102 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.430882931 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.430923939 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.430939913 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.430952072 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.430959940 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.430969954 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.431088924 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:25.431088924 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:25.540529966 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:25.541212082 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:25.545463085 CET844350013188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.545990944 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:25.546042919 CET500138443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:25.546075106 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:25.546346903 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:25.551156044 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:26.020050049 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:26.020113945 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:26.020432949 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:26.021394014 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:26.025212049 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:26.026118040 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.160072088 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.160128117 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.160137892 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.160151958 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.160167933 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.160186052 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.160250902 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.160250902 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.160250902 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.160250902 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.274962902 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.275369883 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.279877901 CET844350015188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.279967070 CET500158443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.280127048 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.280199051 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.280381918 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.285154104 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.737462997 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.737574100 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.737953901 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.738897085 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:27.742729902 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:27.743649960 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836852074 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836869001 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836889029 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836899996 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836913109 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836935043 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836942911 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.836982012 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:28.837024927 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:28.948498964 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:28.948975086 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:28.953470945 CET844350016188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.953541994 CET500168443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:28.953759909 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:28.953820944 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:28.954032898 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:28.958791018 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:29.419449091 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:29.419511080 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:29.420015097 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:29.420996904 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:29.424835920 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:29.425851107 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.514499903 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.514517069 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.514592886 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.519247055 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.519264936 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.519273043 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.519285917 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.519368887 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.519368887 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.605015039 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.605073929 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.712559938 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.713104963 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.717569113 CET844350017188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.717648983 CET500178443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.717906952 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:30.717979908 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.718175888 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:30.722965002 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:31.184364080 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:31.184576035 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:31.188514948 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:31.189470053 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:31.193310022 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:31.194236040 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.345611095 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.345627069 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.345649004 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.345659018 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.345676899 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.345688105 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.345693111 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.345762014 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.345762014 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.462336063 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.462836027 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.467286110 CET844350018188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.467365980 CET500188443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.467705965 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.467793941 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.468000889 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.472839117 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.918792009 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.918867111 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.919401884 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.920500040 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:32.924151897 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:32.925224066 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059037924 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059062004 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059084892 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059096098 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059112072 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059128046 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059142113 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.059250116 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.059250116 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.166126966 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.171103954 CET844350019188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.171169043 CET500198443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.185569048 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.190397024 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.190501928 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.475303888 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.480149984 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.654665947 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.654730082 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.655564070 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.657221079 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:34.660626888 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:34.661937952 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:35.761275053 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:35.761354923 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:35.761368036 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:35.761379957 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:35.761389971 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:35.761399984 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:35.761409998 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:35.761444092 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:35.761470079 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:40.618758917 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:40.619385958 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:40.623821020 CET844350020188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:40.623895884 CET500208443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:40.624277115 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:40.624356031 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:40.624665022 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:40.629416943 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:41.089071989 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:41.089225054 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:41.089802980 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:41.090900898 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:41.094624996 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:41.095663071 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.237680912 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.237742901 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.237754107 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.237765074 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.237775087 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.237783909 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.237809896 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.237847090 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.353769064 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.354299068 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.358753920 CET844350021188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.358818054 CET500218443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.359057903 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.359122038 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.359363079 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.364087105 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.803363085 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.803473949 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.803889990 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.804971933 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:42.808866978 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:42.809762955 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.907797098 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.907816887 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.907828093 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.907836914 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.907846928 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.907855988 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.907912016 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:43.907970905 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:43.994388103 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:43.994504929 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.103816032 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.104264975 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.108793974 CET844350022188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:44.108849049 CET500228443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.109019995 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:44.109086037 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.109333992 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.114068985 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:44.553949118 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:44.554040909 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.554514885 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.555510044 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:44.559278011 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:44.560319901 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.699594975 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.699639082 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.699651003 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.699661970 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.699672937 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.699687958 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.699723005 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.785756111 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.785819054 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.902213097 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.902698040 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.907249928 CET844350023188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.907332897 CET500238443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.907532930 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:45.907607079 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.907916069 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:45.912689924 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:46.357724905 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:46.357800007 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:46.358211994 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:46.359143019 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:46.362962961 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:46.363907099 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.497039080 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.497051954 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.497064114 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.497081041 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.497091055 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.497098923 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.497101068 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.497137070 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.497195959 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.603739023 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.604193926 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.608823061 CET844350024188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.608876944 CET500248443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.608959913 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:47.609025955 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.609275103 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:47.614049911 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:48.074923992 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:48.074990034 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:48.075484991 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:48.076488972 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:48.080326080 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:48.081271887 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.158080101 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.158098936 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.158107042 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.158111095 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.158118010 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.158123970 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.158247948 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.259900093 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.260380030 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.264839888 CET844350025188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.264911890 CET500258443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.265182018 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.265249968 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.265536070 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.270308971 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.723169088 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.723349094 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.942857981 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.944650888 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:49.947618961 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:49.949501991 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.039622068 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.039638042 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.039649010 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.039740086 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.039746046 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.039751053 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.039762974 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.039800882 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.039819002 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.150899887 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.151364088 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.155924082 CET844350026188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.156188965 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.156240940 CET500268443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.156279087 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.156539917 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.161322117 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.622432947 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.622530937 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.622972965 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.623946905 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:51.627728939 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:51.628720045 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.727516890 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.727571964 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.727582932 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.727596998 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.727607012 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.727617979 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.727771044 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:52.841430902 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:52.842648983 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:52.846553087 CET844350027188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.846642971 CET500278443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:52.847415924 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:52.847492933 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:52.847819090 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:52.852657080 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:53.325197935 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:53.325277090 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:53.325767040 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:53.326785088 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:53.330586910 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:53.331614017 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.412539959 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.412573099 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.412591934 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.412604094 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.412614107 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.412626028 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.412627935 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.412656069 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.412689924 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.527000904 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.528990984 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.532067060 CET844350028188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.532124043 CET500288443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.533797979 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:54.533862114 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.534110069 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:54.538909912 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:55.000907898 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:55.000972033 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:55.001406908 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:55.002461910 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:55.006405115 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:55.007234097 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.100327015 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.100361109 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.100373030 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.100383997 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.100394964 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.100404978 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.100421906 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.100460052 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.213145018 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.213545084 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.219100952 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.219131947 CET844350029188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.219187021 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.219212055 CET500298443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.219407082 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.224142075 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.675028086 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.675148964 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.675575018 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.676590919 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:56.680340052 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:56.681365967 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.780225039 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.780251980 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.780267000 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.780280113 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.780289888 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.780301094 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.780450106 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:57.885191917 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:57.886127949 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:57.890238047 CET844350030188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.890294075 CET500308443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:57.890896082 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:57.890964031 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:57.891225100 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:57.896004915 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:58.337869883 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:58.338001966 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:58.338531971 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:58.339509964 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:58.343306065 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:58.344317913 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.432507992 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.432524920 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.432534933 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.432544947 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.432554960 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.432566881 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.432630062 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:59.432683945 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:59.541265965 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:59.541779995 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:59.546344995 CET844350032188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.546408892 CET500328443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:59.546639919 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:11:59.546722889 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:59.547015905 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:11:59.551798105 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:00.020929098 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:00.021069050 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:00.021439075 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:00.022499084 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:00.026252031 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:00.027287006 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.115271091 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.115308046 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.115324974 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.115338087 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.115349054 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.115360975 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.115478039 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.228847027 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.229408979 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.234170914 CET844350033188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.234220028 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.234236956 CET500338443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.234293938 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.234519005 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.239253998 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.754033089 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.754117966 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.754622936 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.755623102 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:01.759381056 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:01.760376930 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921684027 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921701908 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921714067 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921725988 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921737909 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921751022 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921753883 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:02.921761990 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:02.921782017 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:02.921813011 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.025531054 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.026104927 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.030636072 CET844350034188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:03.030695915 CET500348443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.030872107 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:03.030930996 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.031459093 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.036215067 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:03.478646040 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:03.478717089 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.481755018 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.482940912 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:03.486526966 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:03.487713099 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.575098991 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.575119972 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.575133085 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.575143099 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.575154066 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.575166941 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.575202942 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:04.575264931 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:04.682135105 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:04.682674885 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:04.687155008 CET844350035188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.687230110 CET500358443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:04.687489986 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:04.687555075 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:04.687822104 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:04.692600012 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:05.186111927 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:05.186477900 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:05.187236071 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:05.188204050 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:05.192023039 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:05.193005085 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327620983 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327645063 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327656984 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327666998 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327677965 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327686071 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.327721119 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.327748060 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.327783108 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327828884 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.327830076 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.327871084 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.447479010 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.447993040 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.452421904 CET844350036188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.452508926 CET500368443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.452744961 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.452814102 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.453063011 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.457782984 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.936394930 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.936467886 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.936851025 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.937887907 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:06.941586018 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:06.942629099 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.057627916 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.057646990 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.057657957 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.057668924 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.057681084 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.057691097 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.057729006 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.149008989 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.149199009 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.260030985 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.260659933 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.265048981 CET844350037188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.265111923 CET500378443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.265414953 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.265490055 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.265716076 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.270472050 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.719470024 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.719558954 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.720053911 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.721149921 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:08.724802971 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:08.725970030 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.816178083 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.816215992 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.816227913 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.816241026 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.816252947 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.816263914 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.816274881 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:09.816308022 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:09.931915045 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:09.932420969 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:09.937000036 CET844350038188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.937077999 CET500388443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:09.937160969 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:09.937315941 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:09.937458038 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:09.942244053 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:10.404385090 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:10.404480934 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:10.404953957 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:10.406161070 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:10.409785986 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:10.410948038 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.500019073 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.500056982 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.500068903 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.500082016 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.500094891 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.500111103 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.500154018 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.590830088 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.590925932 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.697524071 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.698014021 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.702534914 CET844350039188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.702611923 CET500398443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.702796936 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:11.702868938 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.703115940 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:11.707909107 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:12.209742069 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:12.209820032 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:12.210320950 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:12.211249113 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:12.215101957 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:12.216085911 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.378994942 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.379014015 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.379031897 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.379044056 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.379055023 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.379066944 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.379113913 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.379165888 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.494473934 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.495007992 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.499532938 CET844350040188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.499634027 CET500408443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.499802113 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.499870062 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.500081062 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.504795074 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.956401110 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.956482887 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.956864119 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.957902908 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:13.961585999 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:13.962745905 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.055166006 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.055185080 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.055197001 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.055210114 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.055222034 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.055234909 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.055258036 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.055303097 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.169898033 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.170459032 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.174951077 CET844350041188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.175019026 CET500418443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.175261974 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.175333977 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.175645113 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.180435896 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.636131048 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.636233091 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.636682987 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.637634993 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:15.641441107 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:15.642424107 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.744674921 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.744714975 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.744725943 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.744735956 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.744745970 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.744755030 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.744811058 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:16.744863033 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:16.853880882 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:16.854401112 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:16.858850956 CET844350042188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.858941078 CET500428443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:16.859148979 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:16.859224081 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:16.859558105 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:16.864353895 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:17.328366041 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:17.328504086 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:17.329005003 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:17.330071926 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:17.333750963 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:17.334865093 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.505714893 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.505731106 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.505742073 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.505765915 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.505778074 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.505788088 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.505908966 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:18.506022930 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:18.620165110 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:18.620709896 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:18.625262022 CET844350043188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.625364065 CET500438443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:18.625602007 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:18.625664949 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:18.626019001 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:18.630862951 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:19.075429916 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:19.075607061 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:19.076323032 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:19.077387094 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:19.081051111 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:19.082215071 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.189330101 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.189344883 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.189356089 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.189388990 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.189399958 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.189410925 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.189440012 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.189491987 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.276900053 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.276968956 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.385044098 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.385584116 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.390094995 CET844350044188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.390151978 CET500448443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.390402079 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.390451908 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.390700102 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.395418882 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.846014977 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.846088886 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.846566916 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.847513914 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:20.851320982 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:20.852338076 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:21.959352016 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:21.959391117 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:21.959403038 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:21.959414005 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:21.959427118 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:21.959436893 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:21.959443092 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:21.959450960 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:21.959461927 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:21.959474087 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:21.959490061 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:21.959506035 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.072935104 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.073354006 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.078118086 CET844350045188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:22.078186989 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:22.078249931 CET500458443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.078318119 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.080404043 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.085582972 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:22.560580969 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:22.560681105 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.561148882 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.562077045 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:22.565936089 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:22.566889048 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.652750015 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.652786016 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.652796030 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.652806997 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.652817011 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.652827024 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.652861118 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:23.653019905 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:23.763720989 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:23.764203072 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:23.768704891 CET844350046188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.769015074 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:23.769099951 CET500468443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:23.769160986 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:23.769431114 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:23.774183989 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:24.215483904 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:24.215593100 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:24.216084957 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:24.217195988 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:24.220855951 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:24.222018957 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.387790918 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.387806892 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.387818098 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.387831926 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.387900114 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.387911081 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.388010979 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.473620892 CET844350048188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.473809958 CET500488443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.588392019 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.589036942 CET500498443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.593442917 CET844350047188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.593502998 CET500478443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.593851089 CET844350049188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:25.593923092 CET500498443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.594130039 CET500498443192.168.2.6188.114.96.3
                                            Jan 3, 2025 13:12:25.598881960 CET844350049188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:26.048540115 CET844350049188.114.96.3192.168.2.6
                                            Jan 3, 2025 13:12:26.048608065 CET500498443192.168.2.6188.114.96.3

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 3, 2025 13:10:21.657078028 CET6034253192.168.2.61.1.1.1
                                            Jan 3, 2025 13:10:21.671142101 CET53603421.1.1.1192.168.2.6

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Jan 3, 2025 13:10:21.657078028 CET192.168.2.61.1.1.10x2150Standard query (0)632313373.xyzA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Jan 3, 2025 13:10:21.671142101 CET1.1.1.1192.168.2.60x2150No error (0)632313373.xyz188.114.96.3A (IP address)IN (0x0001)false
                                            Jan 3, 2025 13:10:21.671142101 CET1.1.1.1192.168.2.60x2150No error (0)632313373.xyz188.114.97.3A (IP address)IN (0x0001)false

                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:07:10:19
                                            Start date:03/01/2025
                                            Path:C:\Users\user\Desktop\mode11_0HVJ.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\Desktop\mode11_0HVJ.exe"
                                            Imagebase:0xb50000
                                            File size:4'929'024 bytes
                                            MD5 hash:253D6BAFCCBCA3B73532BE37524C551E
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                            • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3418911823.000000C000102000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                            Reputation:low
                                            Has exited:false

                                            General

                                            Target ID:1
                                            Start time:07:10:19
                                            Start date:03/01/2025
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff66e660000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:2.1%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:9.3%
                                              Total number of Nodes:54
                                              Total number of Limit Nodes:7
                                              execution_graph 34006 20cd6961b48 34007 20cd6961b64 _DllMainCRTStartup 34006->34007 34008 20cd6961bf4 34007->34008 34017 20cd6961bbe 34007->34017 34018 20cd69619e8 34007->34018 34008->34017 34022 20cd69593e0 34008->34022 34010 20cd6961c12 34011 20cd6961c3b 34010->34011 34013 20cd69593e0 _DllMainCRTStartup 12 API calls 34010->34013 34014 20cd69619e8 _CRT_INIT GetFileType 34011->34014 34011->34017 34015 20cd6961c2e 34013->34015 34014->34017 34016 20cd69619e8 _CRT_INIT GetFileType 34015->34016 34016->34011 34019 20cd69619fa _mtinit _heap_init _CRT_INIT _RTC_Initialize 34018->34019 34021 20cd6961a03 9 library calls 34018->34021 34019->34021 34028 20cd6967e40 34019->34028 34021->34008 34023 20cd6959402 _DllMainCRTStartup 34022->34023 34024 20cd69594bb 34022->34024 34026 20cd6959407 _DllMainCRTStartup 34023->34026 34032 20cd694ca74 34023->34032 34039 20cd695b47c 34024->34039 34026->34010 34031 20cd6967e6f _lock _calloc_crt 34028->34031 34029 20cd6967e93 _ioinit __lock_fhandle 34029->34021 34030 20cd69680ce GetFileType 34030->34031 34031->34029 34031->34030 34033 20cd694ca92 malloc _DllMainCRTStartup 34032->34033 34043 20cd6955c60 34033->34043 34040 20cd695b4a0 setSBCS malloc _DllMainCRTStartup 34039->34040 34042 20cd695b575 _setmbcp setSBCS malloc _DllMainCRTStartup 34040->34042 34054 20cd694f014 34040->34054 34042->34026 34044 20cd6955c7e _DllMainCRTStartup 34043->34044 34047 20cd6955e28 34044->34047 34046 20cd6955d94 _setmbcp setSBCS _DllMainCRTStartup 34048 20cd6955e51 _DllMainCRTStartup 34047->34048 34049 20cd6955e9f GetUserNameA 34048->34049 34050 20cd6955ec8 34049->34050 34053 20cd694f008 WSASocketA WSAIoctl closesocket _DllMainCRTStartup 34050->34053 34052 20cd6955ecd _snprintf strrchr _DllMainCRTStartup 34052->34046 34053->34052 34061 20cd694f118 34054->34061 34056 20cd694f02f WSASocketA 34057 20cd694f051 34056->34057 34058 20cd694f058 WSAIoctl 34056->34058 34057->34042 34060 20cd694f099 closesocket 34058->34060 34060->34057 34062 20cd694f12c 34061->34062 34062->34056 34063 20cd51588d4 34064 20cd5158961 34063->34064 34069 20cd5159324 34064->34069 34066 20cd5158a01 34073 20cd51596b4 34066->34073 34068 20cd5158a8f 34072 20cd515935e 34069->34072 34070 20cd5159479 34070->34066 34071 20cd5159455 VirtualAlloc 34071->34070 34072->34070 34072->34071 34074 20cd5159723 34073->34074 34075 20cd515994f 34074->34075 34076 20cd515976e LoadLibraryA 34074->34076 34075->34068 34076->34074

                                              Executed Functions

                                              Function 0000020CD694E68C Relevance: 9.3, APIs: 6, Instructions: 260networkCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _snprintf$strchr$AvailableDataInternetQuery_errno_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 2459009813-0
                                              • Opcode ID: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                                              • Instruction ID: 30b7e17cd7cced567c254b279bc37769c697a779942198da34fca672a0826f0b
                                              • Opcode Fuzzy Hash: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                                              • Instruction Fuzzy Hash: FF81B571618B484FEB54FB18D8997AAB3E5FB94311F20063EE44AC3297DE34E906C781
                                              Function 0000020CD6955E28 Relevance: 4.7, APIs: 3, Instructions: 190stringCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: NameUser_snprintfmallocstrrchr
                                              • String ID:
                                              • API String ID: 1238167203-0
                                              • Opcode ID: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
                                              • Instruction ID: 571e79a3bccb0dbbbcbb2f84393e16b71ab4701749c3ece6a0f1de875cf82ca4
                                              • Opcode Fuzzy Hash: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
                                              • Instruction Fuzzy Hash: 7D512170718B080FEA58BB6C946A7B976D2EB89310F24462DF58FC3297DE34D8468745
                                              Function 0000020CD694CA74 Relevance: 7.9, APIs: 6, Instructions: 411COMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 55 20cd694ca74-20cd694cbd6 call 20cd6955fec call 20cd69561e8 * 3 call 20cd695b454 call 20cd695b464 * 2 call 20cd695b434 * 2 call 20cd695b454 * 2 call 20cd695f284 call 20cd695b434 * 3 call 20cd695b464 call 20cd695c230 call 20cd69534a0 call 20cd695eaa8 * 2 call 20cd694f3c0 98 20cd694cbdd-20cd694cbf2 call 20cd695b434 call 20cd694f1e4 55->98 99 20cd694cbd8 call 20cd695da74 55->99 105 20cd694cbf9-20cd694cc07 call 20cd694f1f8 98->105 106 20cd694cbf4 call 20cd695da74 98->106 99->98 110 20cd694cc0e-20cd694cc15 call 20cd694f274 105->110 111 20cd694cc09 call 20cd695da74 105->111 106->105 115 20cd694cc1c-20cd694cc55 call 20cd695b464 call 20cd695b434 call 20cd695f284 110->115 116 20cd694cc17 call 20cd695da74 110->116 111->110 124 20cd694cc5c-20cd694cc90 call 20cd695b434 call 20cd695eaa8 call 20cd695b434 call 20cd6955c60 115->124 125 20cd694cc57 call 20cd695da74 115->125 116->115 135 20cd694cebb-20cd694cee7 call 20cd695c218 call 20cd695f244 call 20cd695da74 124->135 136 20cd694cc96-20cd694cc9e 124->136 125->124 137 20cd694cca2-20cd694cd24 call 20cd695bfc0 call 20cd695f63c call 20cd695bfc0 call 20cd695f63c * 2 call 20cd6952ee0 136->137 156 20cd694cd44-20cd694cd77 call 20cd694ea48 call 20cd695b434 call 20cd694e9f4 137->156 157 20cd694cd26-20cd694cd2b 137->157 168 20cd694cd9c-20cd694cd9f 156->168 169 20cd694cd79-20cd694cd87 call 20cd695ad44 156->169 159 20cd694cd2e-20cd694cd35 157->159 159->159 161 20cd694cd37-20cd694cd3a 159->161 161->156 162 20cd694cd3c-20cd694cd3f call 20cd69531f4 161->162 162->156 170 20cd694cda5-20cd694cdc8 call 20cd6956b98 call 20cd695b434 168->170 171 20cd694ce26-20cd694ce27 168->171 178 20cd694cd89-20cd694cd93 call 20cd6958e0c 169->178 179 20cd694cd95-20cd694cd99 169->179 186 20cd694cdcf-20cd694cdf0 call 20cd69518c4 call 20cd6955144 call 20cd6954a04 call 20cd694f3c0 170->186 187 20cd694cdca 170->187 174 20cd694ce2c-20cd694ce38 call 20cd694e9c8 call 20cd694f3c0 171->174 189 20cd694ce3f-20cd694ce5d call 20cd695bf04 174->189 190 20cd694ce3a call 20cd695da74 174->190 178->168 179->168 214 20cd694cdf2-20cd694cdf5 call 20cd694f484 186->214 215 20cd694cdfa-20cd694ce01 186->215 187->186 197 20cd694ce5f call 20cd695da74 189->197 198 20cd694ce64-20cd694ce6c 189->198 190->189 197->198 198->135 201 20cd694ce6e-20cd694ce76 198->201 203 20cd694ce78-20cd694ce89 201->203 204 20cd694cea4 call 20cd695211c 201->204 207 20cd694ce9c 203->207 208 20cd694ce8b-20cd694ce9a call 20cd694f3a0 203->208 210 20cd694cea9-20cd694ceb5 204->210 212 20cd694ce9e-20cd694cea0 207->212 208->212 210->135 210->137 212->204 217 20cd694cea2 212->217 214->215 215->174 219 20cd694ce03-20cd694ce24 call 20cd694e9c8 call 20cd694ea48 call 20cd694ec04 215->219 217->204 219->174
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: malloc$_snprintf$_errno$_callnewhfreerealloc
                                              • String ID:
                                              • API String ID: 74200508-0
                                              • Opcode ID: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
                                              • Instruction ID: 16e24a636e10299844d9eac178daa592c804788dd968d0f0d39c21f9f1553bd6
                                              • Opcode Fuzzy Hash: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
                                              • Instruction Fuzzy Hash: D8D161B0714B454BFB58BB7498BA7BA72D1EB84310F60463DA446C32D7DE34E906C746
                                              Function 0000020CD694F014 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103networkCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: IoctlSocketclosesocket
                                              • String ID: _Cy
                                              • API String ID: 3445158922-1085951347
                                              • Opcode ID: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                                              • Instruction ID: d024940d233fbb21d6c943efb096d3f5c39557d30ba2e0903cb536c7aeafdafe
                                              • Opcode Fuzzy Hash: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                                              • Instruction Fuzzy Hash: 0131D67061CB494BDB54EF289498766B7D1FBE8315F20073EE44AC3296DB34D541C745
                                              Function 0000020CD694EA48 Relevance: 3.2, APIs: 2, Instructions: 159networkCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Internet$ConnectOpen
                                              • String ID:
                                              • API String ID: 2790792615-0
                                              • Opcode ID: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
                                              • Instruction ID: 9b5aa883bf0954cebb708755f71cf0fcf9647284e10a99755a60ffe0ba09f68a
                                              • Opcode Fuzzy Hash: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
                                              • Instruction Fuzzy Hash: 23519570718B044FEB59EF28D8AA76973D1FB88304F21163DE087C7297DA78A906C746
                                              Function 0000020CD51596B4 Relevance: 1.6, APIs: 1, Instructions: 149libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: 74d038c8b1c51bf1d7765a817c366e135375bbd51fab872694d5e2c19deb3bea
                                              • Instruction ID: 30d6c42deb1552d42c4175b6806db97fcdfdeb33a19ac811eaaf18496bc1f614
                                              • Opcode Fuzzy Hash: 74d038c8b1c51bf1d7765a817c366e135375bbd51fab872694d5e2c19deb3bea
                                              • Instruction Fuzzy Hash: 41717636219B8486CAA0CB0AE49035AB7B4F7C8B94F545125EBCE83B69DF3DD555CB00
                                              Function 0000020CD5159324 Relevance: 1.3, APIs: 1, Instructions: 87memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 344 20cd5159324-20cd5159358 345 20cd515944d-20cd5159453 344->345 346 20cd515935e-20cd5159374 344->346 347 20cd5159479-20cd5159482 345->347 348 20cd5159455-20cd5159474 VirtualAlloc 345->348 346->345 350 20cd515937a-20cd51593c2 346->350 348->347 352 20cd51593ce-20cd51593d4 350->352 353 20cd5159402-20cd5159408 352->353 354 20cd51593d6-20cd51593de 352->354 353->345 355 20cd515940a-20cd5159445 353->355 354->353 356 20cd51593e0-20cd51593e6 354->356 355->345 356->353 357 20cd51593e8-20cd5159400 356->357 357->352
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                                              • Instruction ID: fbb95766263c6a8ce7ff72e26cbae8443f4a08a3fad30799ab69a9484e700a3f
                                              • Opcode Fuzzy Hash: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                                              • Instruction Fuzzy Hash: 85418972618B8487DB50CB1AE44471EB7B1F7C8B94F105225FA9E87BA8DB3CD851CB00
                                              Function 00BBF220 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 455 bbf220-bbf2d2 call bbf360 call bbd500 call bbb5c0 461 bbf2d7-bbf354 455->461
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3417745155.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                              • Associated: 00000000.00000002.3417729449.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3417822296.0000000000C0D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418041423.0000000000EE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418054833.0000000000EEA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418066333.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418081324.0000000000EFC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000EFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F19000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F1C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418159378.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418159378.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418222261.000000000102F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418233318.0000000001030000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_b50000_mode11_0HVJ.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a2a83c295b55d1fb3924cfc6086ff6026e810ee76d85704118357723c5304dc2
                                              • Instruction ID: fae55c05c723f0032b56e9db372a0deba9347a8266887dbdcecc6760e10258db
                                              • Opcode Fuzzy Hash: a2a83c295b55d1fb3924cfc6086ff6026e810ee76d85704118357723c5304dc2
                                              • Instruction Fuzzy Hash: E9319A6391CFC482D3218B24F5413AAB364F7A9784F15A715EFC812A1ADF78E2E5CB40
                                              Function 00BBB5C0 Relevance: .0, Instructions: 2COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 462 bbb5c0-bbb5c5 call bc21e0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3417745155.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                              • Associated: 00000000.00000002.3417729449.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3417822296.0000000000C0D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418041423.0000000000EE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418054833.0000000000EEA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418066333.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418081324.0000000000EFC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000EFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F16000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F19000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F1C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418094019.0000000000F44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418159378.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418159378.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418222261.000000000102F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.3418233318.0000000001030000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_b50000_mode11_0HVJ.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f426410239744f5ba57e2b78151ac65bfe157d6a2c0a85e8369f5e0dce230c44
                                              • Instruction ID: d4b1ab037503fa929d8aae72f0b31fdd226d4d1469f743e98a910ec01f4201fc
                                              • Opcode Fuzzy Hash: f426410239744f5ba57e2b78151ac65bfe157d6a2c0a85e8369f5e0dce230c44
                                              • Instruction Fuzzy Hash:

                                              Non-executed Functions

                                              Function 0000020CD516239C Relevance: 32.2, APIs: 16, Strings: 2, Instructions: 694COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                              • String ID: $@
                                              • API String ID: 3318157856-1077428164
                                              • Opcode ID: 0917c7b026fa98026fd61c82a9db6b94b013ed73c29c4ccbf17a38093d3ada48
                                              • Instruction ID: 5bf11256a6e0b82b6ebadbdb5a985eb73a772315156e5581a4cee2a054aaa9bc
                                              • Opcode Fuzzy Hash: 0917c7b026fa98026fd61c82a9db6b94b013ed73c29c4ccbf17a38093d3ada48
                                              • Instruction Fuzzy Hash: 6452F0E26087958AFB648B19D58C3BE6BA4F745784F340325DE6617AEBDB78C840CB01
                                              Function 0000020CD6962F9C Relevance: 30.8, APIs: 15, Strings: 2, Instructions: 1030COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                              • String ID: $@
                                              • API String ID: 3613058218-1077428164
                                              • Opcode ID: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
                                              • Instruction ID: c15b1fea3665a709f428e8722ac13e9d376b0b16a4a2698dda580a8ed9031810
                                              • Opcode Fuzzy Hash: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
                                              • Instruction Fuzzy Hash: 5C62E8B0918B498AFB69AB98C4697B9B7D1FB95310F34633DD487C32D3DA35D802C681
                                              Function 0000020CD6962528 Relevance: 29.0, APIs: 15, Strings: 1, Instructions: 1022COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                              • String ID:
                                              • API String ID: 3613058218-3916222277
                                              • Opcode ID: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
                                              • Instruction ID: e6d2bba614ab0409c283ec3e0e993ed418d345809c57e331a655190a2630e404
                                              • Opcode Fuzzy Hash: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
                                              • Instruction Fuzzy Hash: 4862B6B0918B498AFB6CEB9888693B9B7D1FB96314F34473DD487C71D3D6349842C682
                                              Function 0000020CD5161928 Relevance: 28.6, APIs: 14, Strings: 2, Instructions: 645COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$Locale_invalid_parameter_noinfo$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexitwrite_multi_charwrite_string
                                              • String ID: -$0
                                              • API String ID: 3246410048-417717675
                                              • Opcode ID: 9d83564e1f44511746efc6243833ea10ca1e0c0cc6e5e094e442fc0115aecad6
                                              • Instruction ID: 6d3b7288a428f69caaecdc550cd670738d7c9172c5a244ffeb9b2467b78360b2
                                              • Opcode Fuzzy Hash: 9d83564e1f44511746efc6243833ea10ca1e0c0cc6e5e094e442fc0115aecad6
                                              • Instruction Fuzzy Hash: 1A420EF2608B9586FB648B19D54C7BE6BB4B745784F340326DE5A47AEBDB39C840CB00
                                              Function 0000020CD5165914 Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 460COMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1967 20cd5165914-20cd516595c call 20cd515fec0 1970 20cd516595e-20cd5165960 1967->1970 1971 20cd5165965-20cd5165968 1967->1971 1972 20cd5166026-20cd516604f call 20cd5167220 1970->1972 1973 20cd516596a-20cd5165984 call 20cd51610a8 call 20cd5161118 call 20cd5161740 1971->1973 1974 20cd5165989-20cd51659bb 1971->1974 1973->1972 1975 20cd51659bd-20cd51659c4 1974->1975 1976 20cd51659c6-20cd51659cc 1974->1976 1975->1973 1975->1976 1979 20cd51659ce-20cd51659d6 call 20cd51670ec 1976->1979 1980 20cd51659db-20cd51659e4 call 20cd5168dbc 1976->1980 1979->1980 1989 20cd51659ea-20cd51659fb 1980->1989 1990 20cd5165ca6-20cd5165cb7 1980->1990 1989->1990 1994 20cd5165a01-20cd5165a35 call 20cd5164c44 call 20cd5171808 1989->1994 1992 20cd5165cbd-20cd5165cc9 1990->1992 1993 20cd5165f88-20cd5165fa4 call 20cd5171700 1990->1993 1995 20cd5165ccf-20cd5165cd2 1992->1995 1996 20cd5165d97-20cd5165d9b 1992->1996 2008 20cd5165fae-20cd5165fb4 call 20cd5171728 1993->2008 2009 20cd5165fa6-20cd5165fac 1993->2009 1994->1990 2020 20cd5165a3b-20cd5165a3d 1994->2020 2001 20cd5165cd8 1995->2001 2002 20cd5165fe6-20cd5165ffc 1995->2002 1999 20cd5165da1-20cd5165da4 1996->1999 2000 20cd5165e76-20cd5165e79 1996->2000 1999->2002 2006 20cd5165daa 1999->2006 2000->2002 2005 20cd5165e7f 2000->2005 2007 20cd5165cdb-20cd5165ce6 2001->2007 2010 20cd5165ffe-20cd5166002 2002->2010 2011 20cd5166008-20cd5166018 call 20cd5161118 call 20cd51610a8 2002->2011 2013 20cd5165e85-20cd5165e8a 2005->2013 2014 20cd5165daf-20cd5165dba 2006->2014 2015 20cd5165ce8-20cd5165cf1 2007->2015 2016 20cd5165fb6-20cd5165fb8 2008->2016 2009->2016 2010->1970 2010->2011 2026 20cd5166020-20cd5166024 2011->2026 2021 20cd5165e8c-20cd5165e95 2013->2021 2022 20cd5165dbc-20cd5165dc5 2014->2022 2023 20cd5165cf3-20cd5165cfc 2015->2023 2024 20cd5165d19-20cd5165d5c call 20cd5171700 2015->2024 2016->2026 2027 20cd5165fba-20cd5165fbc 2016->2027 2029 20cd5165a3f-20cd5165a42 2020->2029 2030 20cd5165a48-20cd5165a5c call 20cd5171810 2020->2030 2031 20cd5165ec6-20cd5165f0f call 20cd5171818 2021->2031 2032 20cd5165e97-20cd5165ea4 2021->2032 2033 20cd5165df8-20cd5165e3b call 20cd5171700 2022->2033 2034 20cd5165dc7-20cd5165dd4 2022->2034 2035 20cd5165cfe-20cd5165d05 2023->2035 2036 20cd5165d08-20cd5165d17 2023->2036 2024->2008 2056 20cd5165d62-20cd5165d78 2024->2056 2026->1972 2027->2002 2038 20cd5165fbe-20cd5165fc1 2027->2038 2029->1990 2029->2030 2059 20cd5165a62-20cd5165a65 2030->2059 2060 20cd5165c9d-20cd5165ca1 2030->2060 2031->2008 2062 20cd5165f15 2031->2062 2044 20cd5165eb2-20cd5165ec4 2032->2044 2045 20cd5165ea6-20cd5165eae 2032->2045 2033->2008 2063 20cd5165e41-20cd5165e57 2033->2063 2047 20cd5165dd6-20cd5165de0 2034->2047 2048 20cd5165de4-20cd5165df6 2034->2048 2035->2036 2036->2015 2036->2024 2040 20cd5165fc3-20cd5165fd3 call 20cd5161118 call 20cd51610a8 2038->2040 2041 20cd5165fda-20cd5165fe1 call 20cd51610c8 2038->2041 2040->2041 2041->2002 2044->2021 2044->2031 2045->2044 2047->2048 2048->2022 2048->2033 2056->2016 2057 20cd5165d7e-20cd5165d8c 2056->2057 2057->2007 2064 20cd5165d92 2057->2064 2066 20cd5165bef-20cd5165bf4 2059->2066 2067 20cd5165a6b-20cd5165a8a 2059->2067 2060->2027 2068 20cd5165f17-20cd5165f51 call 20cd5171700 2062->2068 2063->2016 2069 20cd5165e5d-20cd5165e6b 2063->2069 2064->2016 2070 20cd5165bf6-20cd5165c12 2066->2070 2071 20cd5165c14 2066->2071 2073 20cd5165aac-20cd5165ab6 call 20cd5167b38 2067->2073 2074 20cd5165a8c-20cd5165aaa 2067->2074 2085 20cd5165f53-20cd5165f5d 2068->2085 2086 20cd5165f61-20cd5165f69 call 20cd5171728 2068->2086 2069->2014 2076 20cd5165e71 2069->2076 2077 20cd5165c19-20cd5165c1e 2070->2077 2071->2077 2090 20cd5165aec-20cd5165af2 2073->2090 2091 20cd5165ab8-20cd5165ac5 2073->2091 2078 20cd5165af5-20cd5165b02 call 20cd516a1ec 2074->2078 2076->2016 2082 20cd5165c20-20cd5165c2f call 20cd516a1f4 2077->2082 2083 20cd5165c5f 2077->2083 2096 20cd5165b08-20cd5165b45 call 20cd5171818 2078->2096 2097 20cd5165c94-20cd5165c98 2078->2097 2082->2008 2104 20cd5165c35-20cd5165c3b 2082->2104 2092 20cd5165c64-20cd5165c6c 2083->2092 2085->2068 2093 20cd5165f5f 2085->2093 2094 20cd5165f6d-20cd5165f6f 2086->2094 2090->2078 2099 20cd5165c73-20cd5165c8b 2091->2099 2100 20cd5165acb-20cd5165ae1 call 20cd516a1ec 2091->2100 2092->2097 2101 20cd5165c6e 2092->2101 2093->2094 2094->2016 2102 20cd5165f71-20cd5165f80 2094->2102 2096->2097 2110 20cd5165b4b-20cd5165b7a call 20cd5171700 2096->2110 2097->2016 2099->2097 2100->2097 2112 20cd5165ae7-20cd5165aea 2100->2112 2101->2059 2102->2013 2106 20cd5165f86 2102->2106 2104->2083 2108 20cd5165c3d-20cd5165c53 call 20cd516a1f4 2104->2108 2106->2016 2108->2008 2116 20cd5165c59-20cd5165c5b 2108->2116 2110->2008 2117 20cd5165b80-20cd5165b8e 2110->2117 2112->2096 2116->2083 2117->2097 2118 20cd5165b94-20cd5165b9e 2117->2118 2118->2092 2119 20cd5165ba4-20cd5165bd6 call 20cd5171700 2118->2119 2119->2008 2122 20cd5165bdc-20cd5165be1 2119->2122 2122->2097 2123 20cd5165be7-20cd5165bed 2122->2123 2123->2092
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: __doserrno_errno_invalid_parameter_noinfo
                                              • String ID: U
                                              • API String ID: 3902385426-4171548499
                                              • Opcode ID: 1e306023ed328bab19b7a5d60cdebdd92491a2c212ad1309fcb9b443deab4914
                                              • Instruction ID: 5d3ab83030ea9c72fd7b79b8d20069e1c60ba94365fffb439b5823428904af3c
                                              • Opcode Fuzzy Hash: 1e306023ed328bab19b7a5d60cdebdd92491a2c212ad1309fcb9b443deab4914
                                              • Instruction Fuzzy Hash: DA12E1B221478686EB208F28D48C3AEB7A5F785794FB10336EB89476D6DB3DC545CB10
                                              Function 0000020CD6957B38 Relevance: 13.3, APIs: 10, Instructions: 790COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 3442832105-0
                                              • Opcode ID: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                              • Instruction ID: d7fdfbd8fb4d8eb528af380138dea349738a53e6b25ab7a99fe23c5e2b9cba2d
                                              • Opcode Fuzzy Hash: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                              • Instruction Fuzzy Hash: EA52AF7011CE899BE759AB2CD4666E0F3E0FF68315F545228E985C75A3EB30E683C781
                                              Function 0000020CD5156F38 Relevance: 13.0, APIs: 10, Instructions: 545COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 3442832105-0
                                              • Opcode ID: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                              • Instruction ID: 93836796f5ad62e523c1dd884a419d14a751e53c43c18e9078705a7e0b09c7b0
                                              • Opcode Fuzzy Hash: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                                              • Instruction Fuzzy Hash: C442C7A1618F8492FA159B29D0053EDA3B0FF58799F146311DF8917B66EF38D2A6C340
                                              Function 0000020CD516B7B0 Relevance: 5.9, Strings: 4, Instructions: 884COMMONLIBRARYCODE
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: $<$ailure #%d - %s$e '
                                              • API String ID: 0-963976815
                                              • Opcode ID: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                                              • Instruction ID: 0c05ec3c2b27978c9f51a2bdb700d4a6c4852008907e1a9266fc4d6b1ddf5310
                                              • Opcode Fuzzy Hash: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                                              • Instruction Fuzzy Hash: A492D1B2325A4087DB58CB1DE4A573AB7A1F3C8B84F54513AEB9B87795CA3CC451CB04
                                              Function 0000020CD516C397 Relevance: 2.6, Strings: 2, Instructions: 134COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: ailure #%d - %s$e '
                                              • API String ID: 0-4163927988
                                              • Opcode ID: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                                              • Instruction ID: df62a72d58d4c94034b2c6aede326779fcab56e071614161ab77a7abe65b154e
                                              • Opcode Fuzzy Hash: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                                              • Instruction Fuzzy Hash: 01610CB6214A508BD714CB0DE49476EB7E1F3CCB98F94421AE38B87769DA3CD945CB40
                                              Function 0000020CD69601A8 Relevance: 1.8, APIs: 1, Instructions: 304COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _initp_misc_winsig
                                              • String ID:
                                              • API String ID: 2710132595-0
                                              • Opcode ID: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
                                              • Instruction ID: 88d91321dcfd98901f664917c1ee4a49007a27980c02c35dacdd45099090f674
                                              • Opcode Fuzzy Hash: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
                                              • Instruction Fuzzy Hash: CDA1CE71619A098FEF54FFB5E8986AA37B2F764301721893A904AC3174DA7CD545CF40
                                              Function 0000020CD696DBF0 Relevance: .8, Instructions: 783COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                              • Instruction ID: b59b5b62bc774abbfff1d5b577d5fc8b66d109664cc42878fd20c2ebc860b3b0
                                              • Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                              • Instruction Fuzzy Hash: 49620A312286558FD31CCB1CC5B1B7AB7E1FB89340F44896DE287CB692C639DA45CB91
                                              Function 0000020CD696D280 Relevance: .8, Instructions: 761COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                              • Instruction ID: 1a10c355593e995b486cfa8681fc353108525a951ddc14f387fd9df7fb973e39
                                              • Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                              • Instruction Fuzzy Hash: 3452EE312286558FD31CCF1CC5A1E7AB7E1FB8D340F448A6DE28ACB692C639D545CB91
                                              Function 0000020CD516CFF0 Relevance: .6, Instructions: 617COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                              • Instruction ID: 4364f8e0bbdea65df225a2b9c98a41bfbc57c204c89f7d5711303df04a7ae4ab
                                              • Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                                              • Instruction Fuzzy Hash: E25243B22189458BD708CB1CE4A577AB7E1F3C9B80F44462AE79B8B799CE3DD554CB00
                                              Function 0000020CD516C680 Relevance: .6, Instructions: 592COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                              • Instruction ID: 9281a0039f8a93e312ee137b119ea9cabe6340274c09441a488343102ad25a8d
                                              • Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                                              • Instruction Fuzzy Hash: 695256B22186808BD708CF1DE4A573AB7E1F3C9B80F54862AE79787799CA3DD545CB40
                                              Function 0000020CD5149680 Relevance: .4, Instructions: 404COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free
                                              • String ID:
                                              • API String ID: 1294909896-0
                                              • Opcode ID: 037a88b3a0e0121372c1e8929510804f124a0a98294513f128062ea9428e9fbd
                                              • Instruction ID: a5e31191abe3ebfdbc031a47dab59c673186c356cd209760719dd76c1791f8ad
                                              • Opcode Fuzzy Hash: 037a88b3a0e0121372c1e8929510804f124a0a98294513f128062ea9428e9fbd
                                              • Instruction Fuzzy Hash: D0F18BB2704B4296EB20DB15E49479E63A1F7947D8F602239DA4F8778BEF34C945CB40
                                              Function 0000020CD514CE3C Relevance: .4, Instructions: 374COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f74bee57ece39a3ee739721ddd6b8b7c874878cbec99e002ba7fd2a6b2694298
                                              • Instruction ID: cd9497eccd8f7e640aa28a6757c013d002f243aa052f4085f8857235ee7e38fd
                                              • Opcode Fuzzy Hash: f74bee57ece39a3ee739721ddd6b8b7c874878cbec99e002ba7fd2a6b2694298
                                              • Instruction Fuzzy Hash: A4E19FA2B1070187FB64CB25E8493AE63A1F744755F64A639DB8B97B97EB3CE441C300
                                              Function 0000020CD514916C Relevance: .4, Instructions: 367COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free
                                              • String ID:
                                              • API String ID: 1294909896-0
                                              • Opcode ID: a24fb40c631e4fb8bf858a82f26ba5d2e30cdac9459d39304e37b5ee64eada3e
                                              • Instruction ID: ade5696e6cd7c81ffc7fdefa11e5d424f3cce4f4e27b80a97dba7181b783ccaf
                                              • Opcode Fuzzy Hash: a24fb40c631e4fb8bf858a82f26ba5d2e30cdac9459d39304e37b5ee64eada3e
                                              • Instruction Fuzzy Hash: E2E1C6F2304B4292EF20DB25D4947AE67A1F794798FA02239DA4F8769BEF34C945C740
                                              Function 0000020CD5150334 Relevance: .2, Instructions: 163COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 466de111811528a62f1f30eaf25973b5c551d59befa8947403ad49e7d2f1a529
                                              • Instruction ID: f8825c130e84502a829bb4b6b971fd48b781583b12d81cfbcd67afaa7f35171b
                                              • Opcode Fuzzy Hash: 466de111811528a62f1f30eaf25973b5c551d59befa8947403ad49e7d2f1a529
                                              • Instruction Fuzzy Hash: 367190B2614B41CAEB60DF65E44975E73F0F748B85F206639DA4A83B9EDF38C8448B40
                                              Function 0000020CD6966E1C Relevance: 16.6, APIs: 11, Instructions: 108COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 388111225-0
                                              • Opcode ID: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
                                              • Instruction ID: 5d6c955c4e04418790ce5f2b950a927bb9e69eaae4a7f3b724fff4682590f794
                                              • Opcode Fuzzy Hash: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
                                              • Instruction Fuzzy Hash: E831A1B16587454FE719BFECD8AA37D3690EB82320F71077AE416872E3D6749802D392
                                              Function 0000020CD5161B48 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 227COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: write_multi_char$write_string$free
                                              • String ID:
                                              • API String ID: 2630409672-3916222277
                                              • Opcode ID: 1c8d6b8a065489df9c71b2e8ea70d157333f6dd13db57c526a3ea5ce9db962ed
                                              • Instruction ID: 41a2fc6da48da0394dde15886fe3acc0057eba1898d9e9d7b9c96a6e571dfcef
                                              • Opcode Fuzzy Hash: 1c8d6b8a065489df9c71b2e8ea70d157333f6dd13db57c526a3ea5ce9db962ed
                                              • Instruction Fuzzy Hash: D2A1F7A760874186FB21CB65E4083AE7BB0F785794F341225DF5A17BDADB39C945CB00
                                              Function 0000020CD6967C08 Relevance: 15.1, APIs: 10, Instructions: 93COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
                                              • String ID:
                                              • API String ID: 2644381645-0
                                              • Opcode ID: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
                                              • Instruction ID: d55b42920ca3747b1f6628f22154ff83fa6516729730f1ee14df9637554f6673
                                              • Opcode Fuzzy Hash: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
                                              • Instruction Fuzzy Hash: 3121C7B1618B044FF719BB9C986A7BD72D0EB86321F750779F01B8B2D3D6785841C2A1
                                              Function 0000020CD6967A90 Relevance: 15.1, APIs: 10, Instructions: 88COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
                                              • String ID:
                                              • API String ID: 1078912150-0
                                              • Opcode ID: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
                                              • Instruction ID: 316e36a4e1ccb37eb17da357c69af0f2f3b815458b06dc408e952e3bf80c33aa
                                              • Opcode Fuzzy Hash: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
                                              • Instruction Fuzzy Hash: E921B2B16087004FF719BBAC98AA3BD7690EB82321F350379F0568B2D7D6745801D2A2
                                              Function 0000020CD516621C Relevance: 15.1, APIs: 10, Instructions: 81COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 388111225-0
                                              • Opcode ID: 9a7e94428e85d4ed5cd8e77b1af53c202f15bf406c2c29a1a7d54b8e8c205bff
                                              • Instruction ID: 3b76dc36c34bf86940aa68f3e18cf5f1f3e8a78a34e8eeb8fa24ddd58f617371
                                              • Opcode Fuzzy Hash: 9a7e94428e85d4ed5cd8e77b1af53c202f15bf406c2c29a1a7d54b8e8c205bff
                                              • Instruction Fuzzy Hash: A43102F230038486E7126F75988A76D7A60A781BA0FB58339EE35177D3CB38C841D710
                                              Function 0000020CD516F150 Relevance: 13.6, APIs: 9, Instructions: 127COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 1812809483-0
                                              • Opcode ID: bd2089a42f628a497311986bb7142f0c797ae3413767483a07d765319bf433f4
                                              • Instruction ID: 68e9961368dab1ea64f94bb01bdee397ae8587a129895f944a616412e15560f5
                                              • Opcode Fuzzy Hash: bd2089a42f628a497311986bb7142f0c797ae3413767483a07d765319bf433f4
                                              • Instruction Fuzzy Hash: 934126F661139586FB60AB2584493AD76E1F755BE5FB04339EA54436CFD728C841CF00
                                              Function 0000020CD6966434 Relevance: 13.6, APIs: 9, Instructions: 89COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
                                              • String ID:
                                              • API String ID: 2464146582-0
                                              • Opcode ID: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
                                              • Instruction ID: b86f3356c914d7e3eb54c56fb4f2e0872956cb68f853e3c0929fe9ebeaf54252
                                              • Opcode Fuzzy Hash: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
                                              • Instruction Fuzzy Hash: A621E2B0A487004EF319BB9CD8BA3AC76D0EB82321F750379E05A872D3D6B45801C2A2
                                              Function 0000020CD6965C58 Relevance: 13.6, APIs: 9, Instructions: 71COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
                                              • String ID:
                                              • API String ID: 2140805544-0
                                              • Opcode ID: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
                                              • Instruction ID: 321fbd92427950410cd1295bbbf9e50019decef748b49a06531793b396af7d98
                                              • Opcode Fuzzy Hash: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
                                              • Instruction Fuzzy Hash: C121CDB1509B404EF719BBA888BA3A87690EF41331F75077AE41B872E3C6788801C761
                                              Function 0000020CD5167008 Relevance: 13.6, APIs: 9, Instructions: 67COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
                                              • String ID:
                                              • API String ID: 4140391395-0
                                              • Opcode ID: 19101616f3e261a9beafbca214444aa2a5cb8e231afb96d714edbab2d78f6c11
                                              • Instruction ID: ea68c09447c75c3f1638f6333324fef0815cc553b7d96b86eadfb3ac29e20274
                                              • Opcode Fuzzy Hash: 19101616f3e261a9beafbca214444aa2a5cb8e231afb96d714edbab2d78f6c11
                                              • Instruction Fuzzy Hash: 4521D2A274038446FB122F25984A3BDAA51A781BF1F794735EE350B3D3CB788441C731
                                              Function 0000020CD5166E90 Relevance: 13.6, APIs: 9, Instructions: 67COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
                                              • String ID:
                                              • API String ID: 310312816-0
                                              • Opcode ID: 58556fb0ae643294109593e6a1f551c1d1756168c239dbf47c2b40feda9217b5
                                              • Instruction ID: c45bd210a8e7f6e3db333ed80921a9f409bf09eada6ce20da792285075b5f49f
                                              • Opcode Fuzzy Hash: 58556fb0ae643294109593e6a1f551c1d1756168c239dbf47c2b40feda9217b5
                                              • Instruction Fuzzy Hash: A221E1F270078146F7126F65E85E3AD6A61AB807E2F794379AA250B3D3CB7C8841C764
                                              Function 0000020CD695FF6C Relevance: 12.6, APIs: 10, Instructions: 116COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno
                                              • String ID:
                                              • API String ID: 2288870239-0
                                              • Opcode ID: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
                                              • Instruction ID: 03d761f9744cbbae0839e8758ab7cdbf26c3fdc7d6a5466f84d16b92e4cabf66
                                              • Opcode Fuzzy Hash: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
                                              • Instruction Fuzzy Hash: 2F4190B0254B4A8FFB94FB98D8ECBA472D0F759325F7441799405C26EBDA7C8942CB10
                                              Function 0000020CD515F36C Relevance: 12.6, APIs: 10, Instructions: 73COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno
                                              • String ID:
                                              • API String ID: 2288870239-0
                                              • Opcode ID: 819b4a270ea7d8595eaf9ac501f5b396dc923916a4c2f054388fd72371d1b91d
                                              • Instruction ID: 80a8ec9336e7d12a4782ea10bd40052675291255a1d6f207e9bf1798b9e990c0
                                              • Opcode Fuzzy Hash: 819b4a270ea7d8595eaf9ac501f5b396dc923916a4c2f054388fd72371d1b91d
                                              • Instruction Fuzzy Hash: 8E3109E1601B4091FF65EB15E89D3AC67B1BB547A4F3C1736CA190AAABDF3CC448C201
                                              Function 0000020CD696FD50 Relevance: 12.2, APIs: 8, Instructions: 177COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 1812809483-0
                                              • Opcode ID: f9c4d6ed39d3bdcb6b80e8c2d76cc2c0cca7aaaf292465ae2b9830194cf53d53
                                              • Instruction ID: c71d806dde1e522a9011f42df02c8bd03584f15ab39424bc0933e590826241af
                                              • Opcode Fuzzy Hash: f9c4d6ed39d3bdcb6b80e8c2d76cc2c0cca7aaaf292465ae2b9830194cf53d53
                                              • Instruction Fuzzy Hash: CB5114B0114B1A4BEB68BBA884693B976D2FB24321FB4037BE496C71DBD7349841C381
                                              Function 0000020CD5165834 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
                                              • String ID:
                                              • API String ID: 2611593033-0
                                              • Opcode ID: 268773e762f2e10da4a59bd6545c27f05d9dc8848c407f150f864121acff7d22
                                              • Instruction ID: 80ce22194c0a30864fca98bbc0cc97434a3b004a0c2ad9e75208db4237e47c5e
                                              • Opcode Fuzzy Hash: 268773e762f2e10da4a59bd6545c27f05d9dc8848c407f150f864121acff7d22
                                              • Instruction Fuzzy Hash: 6721E7B270038046F7116F26DC4E3AD6A51A780BE2FBA4735AA15077D3CB788841D720
                                              Function 0000020CD5165058 Relevance: 12.1, APIs: 8, Instructions: 57COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
                                              • String ID:
                                              • API String ID: 4060740672-0
                                              • Opcode ID: 17379182c61e94fbc4142119cfcf5b3e3f43e3e6c30bf76299a690df2e0bdcd6
                                              • Instruction ID: e8fdbbb29ea112a0bc53281b02adff75ecabd33eae9a4ac9e9f95222f3208a11
                                              • Opcode Fuzzy Hash: 17379182c61e94fbc4142119cfcf5b3e3f43e3e6c30bf76299a690df2e0bdcd6
                                              • Instruction Fuzzy Hash: 4A11E3F26403C446F7156F399C8E3AC6A51A7807A2FBB4734EA1A073D3DA78C841C750
                                              Function 0000020CD694460C Relevance: 11.6, APIs: 9, Instructions: 305COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$malloc$_errno$_callnewh
                                              • String ID:
                                              • API String ID: 4160633307-0
                                              • Opcode ID: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
                                              • Instruction ID: 41236910a490c3205ba13ccd8e72fceb930e89cd71a9a62cf0c779a9b54f8cef
                                              • Opcode Fuzzy Hash: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
                                              • Instruction Fuzzy Hash: EF91A8B0318B494BD759BB6C98697B973D1EB95714F60037ED48AC3387EE30A806C6C6
                                              Function 0000020CD5143A0C Relevance: 11.5, APIs: 9, Instructions: 201COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$malloc$_errno$_callnewh
                                              • String ID:
                                              • API String ID: 4160633307-0
                                              • Opcode ID: 930309f8498ff7a349f5473874db00cb4ae22164d30aab4612de4250541046de
                                              • Instruction ID: 56a8ebe7abebf98e69789388013e34dba99bf8bafe9b0f7ce6320e524b33e367
                                              • Opcode Fuzzy Hash: 930309f8498ff7a349f5473874db00cb4ae22164d30aab4612de4250541046de
                                              • Instruction Fuzzy Hash: 1C7103A270478946EF21DB2694487AE77A1B794BC8F24673ADE4747B87DB38C446CB00
                                              Function 0000020CD695FE10 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 2917016420-0
                                              • Opcode ID: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
                                              • Instruction ID: c78cfa361d46792d523cf0e94917751b2b9d4787b10d61e04d85d1ea2d9083a1
                                              • Opcode Fuzzy Hash: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
                                              • Instruction Fuzzy Hash: 1031A470614B094FEB48BB69986D76976D1FB98320F24427DA44AC32D7DB38C841CB42
                                              Function 0000020CD696A73C Relevance: 10.6, APIs: 7, Instructions: 78COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
                                              • String ID:
                                              • API String ID: 4120058822-0
                                              • Opcode ID: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
                                              • Instruction ID: 4cf9ccbef9798b27842e8adecd8739a6cc302eaf34406154c072e6d09c11c3cd
                                              • Opcode Fuzzy Hash: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
                                              • Instruction Fuzzy Hash: E02101B0A08B404EF718BBE898BA36D7AA0EB41310F75037CE11B872D7D6785C41C395
                                              Function 0000020CD515F210 Relevance: 10.6, APIs: 7, Instructions: 73COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 2917016420-0
                                              • Opcode ID: 6bd0c9401fb351ee2ef62b7ec5c1d05d22ccd8d85f9d07845cb75c559d0d09e7
                                              • Instruction ID: 74a2d59dc11517b160c07424bb6aa3cae18eecbd5eff0e74355baa5858979912
                                              • Opcode Fuzzy Hash: 6bd0c9401fb351ee2ef62b7ec5c1d05d22ccd8d85f9d07845cb75c559d0d09e7
                                              • Instruction Fuzzy Hash: 6C319FF5200B4086FB20AB66984A36D66E1FB89B94F7447349E5543BDBDF78C440C700
                                              Function 0000020CD516EFD0 Relevance: 10.6, APIs: 7, Instructions: 72COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 3191669884-0
                                              • Opcode ID: 17da934d4d304edacbb08e48815c32878d4d79cd43a7a40298e59a88dbb9cc3b
                                              • Instruction ID: 1c5065b1bc3fc98542c7ffe5a55f6dc0df4588a22f10cb0b96d7c67848946ab0
                                              • Opcode Fuzzy Hash: 17da934d4d304edacbb08e48815c32878d4d79cd43a7a40298e59a88dbb9cc3b
                                              • Instruction Fuzzy Hash: 61317EB22047848AE7209F1194887ADB7A6F794BE0F748331EE5847BCBCB75C845C700
                                              Function 0000020CD6960B10 Relevance: 9.3, APIs: 6, Instructions: 257COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                              • String ID:
                                              • API String ID: 2328795619-0
                                              • Opcode ID: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
                                              • Instruction ID: 2359366adaecc3902a9139b44ea5963d9e068da41afa899d97449f32d5a15408
                                              • Opcode Fuzzy Hash: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
                                              • Instruction Fuzzy Hash: D6619470618F094AEB6C7BAC55BE23972D1E796720F34433ED45AC32D7DA70A852C2C1
                                              Function 0000020CD515FF10 Relevance: 9.2, APIs: 6, Instructions: 166COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                              • String ID:
                                              • API String ID: 2328795619-0
                                              • Opcode ID: a6b8c894bc097219f3410178b0f3ee4aa495d15850340b6c84f373b071b042dd
                                              • Instruction ID: b5a5ebdcd92e9782b0ba9cf384fbbefa54d5369ccca87e4e9fbaf43cad6c564d
                                              • Opcode Fuzzy Hash: a6b8c894bc097219f3410178b0f3ee4aa495d15850340b6c84f373b071b042dd
                                              • Instruction Fuzzy Hash: E9514AF270439182FA689B26590876E66A0B346BF4F345735BE3943FDBDB38C8918340
                                              Function 0000020CD696FBD0 Relevance: 9.1, APIs: 6, Instructions: 108COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: __updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 2808835054-0
                                              • Opcode ID: 04a51c6534ba67d8c2ce71a0e6c0b8946822a3beaaa0ad6abf8e1e016199c0f5
                                              • Instruction ID: f8639128d37f189ce3fe5978a1d219d72b723186859ddb6de80cec77fd85ef5a
                                              • Opcode Fuzzy Hash: 04a51c6534ba67d8c2ce71a0e6c0b8946822a3beaaa0ad6abf8e1e016199c0f5
                                              • Instruction Fuzzy Hash: 99316FB0618B084FDB54EF9890A976972D1FB58310F6103BAE84AC72DBDB74DC41C781
                                              Function 0000020CD6960620 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                              • String ID:
                                              • API String ID: 1547050394-0
                                              • Opcode ID: 25a8bf288fd42ce426ab2ae56b53d18e2e8359fd32586f4ae3706e9ff750b65b
                                              • Instruction ID: fedcf52341f073f84abe738b8eb4d16e99b083eca66283823895fd2fae961c96
                                              • Opcode Fuzzy Hash: 25a8bf288fd42ce426ab2ae56b53d18e2e8359fd32586f4ae3706e9ff750b65b
                                              • Instruction Fuzzy Hash: C721A1B0618B098FF794BBA9446936E76D1EB9A310F25077AE449C3293DA74CC41D382
                                              Function 0000020CD515FA20 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                              • String ID:
                                              • API String ID: 1547050394-0
                                              • Opcode ID: 0ee48a0889aaee90efd1175476a0cb7edf48224d72ecded3f82ab5c2f8e8549f
                                              • Instruction ID: 7893f8cd935336ebcf6e8283caa1e371cc469ea36c030fc892f144103de0ead3
                                              • Opcode Fuzzy Hash: 0ee48a0889aaee90efd1175476a0cb7edf48224d72ecded3f82ab5c2f8e8549f
                                              • Instruction Fuzzy Hash: 1521ECE1305B8295FB215F32A80A35EA6A5B745BC0F645631BE4997FDBEF3CC4418701
                                              Function 0000020CD5169B3C Relevance: 9.1, APIs: 6, Instructions: 63COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit
                                              • String ID:
                                              • API String ID: 2102446242-0
                                              • Opcode ID: acc1e709539f3a0e8ebe9ec8259c6fe6fa9b3b7ac075e700e957115c0bfbe106
                                              • Instruction ID: a6cf9b274511e137542f083ec1e5c9879adf3c19b89c840e316d37b5c57cdcd2
                                              • Opcode Fuzzy Hash: acc1e709539f3a0e8ebe9ec8259c6fe6fa9b3b7ac075e700e957115c0bfbe106
                                              • Instruction Fuzzy Hash: 862103B13007818BFB116F6998DE7AD6A94AB817E0F394338EA164B3D3CB78C841C314
                                              Function 0000020CD515E3EC Relevance: 9.0, APIs: 5, Strings: 1, Instructions: 45COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                                              • String ID: dpoolWait
                                              • API String ID: 2026495703-1875951006
                                              • Opcode ID: 8070209c1cbe6b8a0a820429e4883b75791e823d018c18b7f063917c64386bf6
                                              • Instruction ID: 7e1b39df83f1b973dfdf4e4534e288104c23c0b4ad16bcdb3e86c77dc8c7ac5c
                                              • Opcode Fuzzy Hash: 8070209c1cbe6b8a0a820429e4883b75791e823d018c18b7f063917c64386bf6
                                              • Instruction Fuzzy Hash: 4C01C0F1B04B9081EA04DB12B80875D66A9F798FE0F256369EEA9477CBCF38C4418780
                                              Function 0000020CD69531F4 Relevance: 9.0, APIs: 7, Instructions: 264stringCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: freemallocstrchr$_errnorand
                                              • String ID:
                                              • API String ID: 2126518082-0
                                              • Opcode ID: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
                                              • Instruction ID: 25dda93c23f0882907c67cea4b5192f030d5233075d6f87eac41c088f54df09b
                                              • Opcode Fuzzy Hash: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
                                              • Instruction Fuzzy Hash: 7881E270218F884AEB6ABF2C94293F6B3D0FF99315F100679D58AC3193EA358947C781
                                              Function 0000020CD51525F4 Relevance: 8.9, APIs: 7, Instructions: 181stringCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: freemallocstrchr$rand
                                              • String ID:
                                              • API String ID: 1305919620-0
                                              • Opcode ID: f55c98597b31e9256bdda085e271814e8bdd530284bc77f6856305a025606a71
                                              • Instruction ID: c8aea2527a9191bd1ee4308a8a00954930e4f5ca095a1ec220d45dc3028c72c7
                                              • Opcode Fuzzy Hash: f55c98597b31e9256bdda085e271814e8bdd530284bc77f6856305a025606a71
                                              • Instruction Fuzzy Hash: D771F6E2604BC441FA25DF29A4193EEA3B0FF95B84F186334DB991779BEE39C1468700
                                              Function 0000020CD6944170 Relevance: 8.9, APIs: 7, Instructions: 181COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno$_callnewhmalloc
                                              • String ID:
                                              • API String ID: 2761444284-0
                                              • Opcode ID: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
                                              • Instruction ID: 1059c9fce8584d48e1c8cf4d8ed292c0c0575e44cfad805194b566054e312bdd
                                              • Opcode Fuzzy Hash: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
                                              • Instruction Fuzzy Hash: 5051B4B4618F494BE759BB28946967973D0FB49714F60037DD84AC328BEE70E803CA89
                                              Function 0000020CD5143570 Relevance: 8.9, APIs: 7, Instructions: 115COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno$_callnewhmalloc
                                              • String ID:
                                              • API String ID: 2761444284-0
                                              • Opcode ID: 3866d312ddc7406d2c13ac3d10959d9d3de063b9a6b1dce899036bf231b32379
                                              • Instruction ID: d1a068a791b74ef0ba62096d8e7b0c6f7436f11f72c1bea65a36ce40ddb44275
                                              • Opcode Fuzzy Hash: 3866d312ddc7406d2c13ac3d10959d9d3de063b9a6b1dce899036bf231b32379
                                              • Instruction Fuzzy Hash: 2D41F3A130078697EB14EB26A59835D67A0B709BC0F641338DE0647B47EF38D9A7C700
                                              Function 0000020CD515B630 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70stringCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: strtok$_getptd_time64malloc
                                              • String ID: eThreadpoolTimer
                                              • API String ID: 1522986614-2707337283
                                              • Opcode ID: b02d7519bf37bc4b38ca8186062a8fc85f913fef5048514e0fa6af22142f2d69
                                              • Instruction ID: 8d64856fc77304910d39f8447e2ba935c9d764f4925fb1176a51d700c955f3ee
                                              • Opcode Fuzzy Hash: b02d7519bf37bc4b38ca8186062a8fc85f913fef5048514e0fa6af22142f2d69
                                              • Instruction Fuzzy Hash: ED21A0F2A0079485EB00DF12A09C7AD37B8F795BE4F265775EE6A4378ACA34C441C780
                                              Function 0000020CD514BE74 Relevance: 7.8, APIs: 6, Instructions: 296COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: malloc$_snprintf$_errno_time64freestrtok$_callnewhrealloc
                                              • String ID:
                                              • API String ID: 1314452303-0
                                              • Opcode ID: a14b20026d747f2b5753e6fc705179295a1c2f23b63bad27e5059ac536f54d83
                                              • Instruction ID: bead97c8fa48a5a8fd720c679505c17d5d2472fcad01e8299b0858ce5074dc85
                                              • Opcode Fuzzy Hash: a14b20026d747f2b5753e6fc705179295a1c2f23b63bad27e5059ac536f54d83
                                              • Instruction Fuzzy Hash: A3C19DE170038146FA14FB62A85D7AE63A1AB85785F706339AE56477DBDF38C80AC701
                                              Function 0000020CD6951694 Relevance: 7.7, APIs: 5, Instructions: 205COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
                                              • String ID:
                                              • API String ID: 2887643383-0
                                              • Opcode ID: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
                                              • Instruction ID: b84d4abc9bd43a76fe0196d34dd1c7a0ca3d5e7815284fbee6d4538b9249e301
                                              • Opcode Fuzzy Hash: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
                                              • Instruction Fuzzy Hash: 7C5193B1618B084FE759FB2894A97B972D1FB98310F60437EE48BC32D7DE349906C685
                                              Function 0000020CD696A348 Relevance: 7.7, APIs: 5, Instructions: 201COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _lock$_calloc_crt_mtinitlocknum
                                              • String ID:
                                              • API String ID: 3962633935-0
                                              • Opcode ID: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
                                              • Instruction ID: 16f471c7895acf49d5e2ae75b9c778aa3d25d71e546343369933c84d3f2000d8
                                              • Opcode Fuzzy Hash: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
                                              • Instruction Fuzzy Hash: 2451B5B0518B088FE764AF98D89A379B7D0FB54310F65476DE84AC72A3DA74DC42C782
                                              Function 0000020CD69454F0 Relevance: 7.7, APIs: 6, Instructions: 175COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno$_callnewhmalloc
                                              • String ID:
                                              • API String ID: 2761444284-0
                                              • Opcode ID: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
                                              • Instruction ID: 10c66b2816a0fb6dd4619f332a04902fd4c3cfa6a308c3923d1838a76c5d2ed4
                                              • Opcode Fuzzy Hash: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
                                              • Instruction Fuzzy Hash: BE4108B0318B4D4BE769BB68585927A76D5EB96360F24423DD887C3287ED30E807C7C9
                                              Function 0000020CD696239C Relevance: 7.6, APIs: 5, Instructions: 149COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
                                              • String ID:
                                              • API String ID: 304646821-0
                                              • Opcode ID: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
                                              • Instruction ID: a73c542bbaabfcbb434ea4df44e19a168ec26a9b0470b8f262c89161fcfd58c3
                                              • Opcode Fuzzy Hash: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
                                              • Instruction Fuzzy Hash: BC5190B0214B084FEBA8FFA8C4A976577D0FB59310F6407A9D85ACB2D7D674C881C781
                                              Function 0000020CD6959220 Relevance: 7.6, APIs: 6, Instructions: 142COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 761449704-0
                                              • Opcode ID: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
                                              • Instruction ID: d285eaa1edc254883bb390ab3d43e3a91c3881a8b5ba20be847a7e7715dfef26
                                              • Opcode Fuzzy Hash: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
                                              • Instruction Fuzzy Hash: 6E41527060CB884FE698BB7C64297B877E2E799310F6446A9D08EC3297DA349C438785
                                              Function 0000020CD5150A94 Relevance: 7.6, APIs: 5, Instructions: 126COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_invalid_parameter_noinfomalloc$fseek$_callnewh_fseek_nolock_ftelli64fclose
                                              • String ID:
                                              • API String ID: 1756087678-0
                                              • Opcode ID: f827565397daa4a866320a6784096609c7711a7c42725b9a2a2b01c24697e092
                                              • Instruction ID: d2cb656f83c69069d234ae3745a07722b1362e158c983c552ef39f1182704573
                                              • Opcode Fuzzy Hash: f827565397daa4a866320a6784096609c7711a7c42725b9a2a2b01c24697e092
                                              • Instruction Fuzzy Hash: EF41C2A131474086EA10EB12E4583AEA3A1B7C9BD0FA4A335AE5E47BDBDE3CC5058700
                                              Function 0000020CD515FA2C Relevance: 7.6, APIs: 5, Instructions: 124COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 1640621425-0
                                              • Opcode ID: f714c1e563aa58d873e3883a1df435710c86d18d380f096712ab5731ea4c4750
                                              • Instruction ID: dcf1dcc1a6007bff4a4b54bbe603f4a3b55369f585a6d577bb6d638e989df3f8
                                              • Opcode Fuzzy Hash: f714c1e563aa58d873e3883a1df435710c86d18d380f096712ab5731ea4c4750
                                              • Instruction Fuzzy Hash: 5E4125E130034086FE689F62959C36EB6A1B744FE0F3893309E6647FDBD678C4418241
                                              Function 0000020CD51448F0 Relevance: 7.6, APIs: 6, Instructions: 114COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno$_callnewhmalloc
                                              • String ID:
                                              • API String ID: 2761444284-0
                                              • Opcode ID: 326b315c93b4297f8d1cd44fbd3c536e1a3741d65750285d3f659b19031d268f
                                              • Instruction ID: 3f6d2e2a018adb986ac4155a69e30e663d518e86b4b9f6ceca4483c25b9d19cb
                                              • Opcode Fuzzy Hash: 326b315c93b4297f8d1cd44fbd3c536e1a3741d65750285d3f659b19031d268f
                                              • Instruction Fuzzy Hash: 494113A23043A552EB15DB26640835D6B95B754BC8F396238DD178BB47EE78C80AC304
                                              Function 0000020CD694FC64 Relevance: 7.6, APIs: 5, Instructions: 90fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$free$_callnewhfclosefwritemalloc
                                              • String ID:
                                              • API String ID: 1696598829-0
                                              • Opcode ID: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
                                              • Instruction ID: c7058d3a2bd1a78750f8dbd77dbc5689bfcf5b7639ad0d6aa15f9086cfd95070
                                              • Opcode Fuzzy Hash: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
                                              • Instruction Fuzzy Hash: 1D2156B0218B494BE694F76854793AEB6D1FBD8350F60077DA44AC32DBED34D901C785
                                              Function 0000020CD5158620 Relevance: 7.6, APIs: 6, Instructions: 87COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 761449704-0
                                              • Opcode ID: 6cfeb8f42d39390d21f7f655b5309285a784ce0f998201f3a4c834a9ff33a05d
                                              • Instruction ID: be3833fb197bd697e81cfceb347b0a1d0ab4a356cccc1a32f7d2a893023f504b
                                              • Opcode Fuzzy Hash: 6cfeb8f42d39390d21f7f655b5309285a784ce0f998201f3a4c834a9ff33a05d
                                              • Instruction Fuzzy Hash: D431D39520478049E614AB26681D3ED6B72734AFD0FB86371DEE5177DBCB38C542C700
                                              Function 0000020CD514F064 Relevance: 7.6, APIs: 5, Instructions: 58fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$free$_callnewhfclosefwritemalloc
                                              • String ID:
                                              • API String ID: 1696598829-0
                                              • Opcode ID: 1bdd5497ac55f9ceee01cd46502ea43f72165348b95f2b256c95d8f9a827a5ec
                                              • Instruction ID: 66ed96cef469816ab6b7a851c6c7681a64d89e77cc8756b2b79fc183b5072714
                                              • Opcode Fuzzy Hash: 1bdd5497ac55f9ceee01cd46502ea43f72165348b95f2b256c95d8f9a827a5ec
                                              • Instruction Fuzzy Hash: 64114FD170478081EA10E712A1593AE63A1AB95BE4F646335AE6A5BBCFDE38C5058B40
                                              Function 0000020CD696A5EC Relevance: 7.5, APIs: 5, Instructions: 41COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno_errno
                                              • String ID:
                                              • API String ID: 2964073243-0
                                              • Opcode ID: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
                                              • Instruction ID: 1b528c5dff9e24e67e33d2a2a71bba67ddd376d10061b459ccd7ba4d666e8198
                                              • Opcode Fuzzy Hash: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
                                              • Instruction Fuzzy Hash: 5D018CB0524B484EF759BBACC8797A832A0FF11326FB443B5A00A8B1E7E77C4441C712
                                              Function 0000020CD51699EC Relevance: 7.5, APIs: 5, Instructions: 31COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _getptd_noexit$__doserrno_errno
                                              • String ID:
                                              • API String ID: 2964073243-0
                                              • Opcode ID: 02e55afb5f5e5304a095475b8354770d2627f5ba6f47f1d288df05a1981eaf7d
                                              • Instruction ID: 43398ac7a13c36e94ddcb8f94470f782178dd0cbd0773f5e10279da3eeca29a6
                                              • Opcode Fuzzy Hash: 02e55afb5f5e5304a095475b8354770d2627f5ba6f47f1d288df05a1981eaf7d
                                              • Instruction Fuzzy Hash: CF01CDF665178886FF052B24C88E3AC66929B90B72FB18335D929073D3CB7848409721
                                              Function 0000020CD694EC04 Relevance: 6.5, APIs: 5, Instructions: 254COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _snprintf
                                              • String ID:
                                              • API String ID: 3512837008-0
                                              • Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                              • Instruction ID: 80a92d3f47e723e65eea5e42eaa563f2a11b7f0f477208eb6a50f979af9115b2
                                              • Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                              • Instruction Fuzzy Hash: 6E918171618B488FEB54FF18D8A9BAA73E5FB95304F20067AE44AC31D2DA34E945CB41
                                              Function 0000020CD514E004 Relevance: 6.4, APIs: 5, Instructions: 165COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _snprintf
                                              • String ID:
                                              • API String ID: 3512837008-0
                                              • Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                              • Instruction ID: a77dc2ef31aa747e0e23ef485f94aa5ef7b8d79c5fef712712ece3998f2f0583
                                              • Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                                              • Instruction Fuzzy Hash: 29814AB2600B849AFB50EB65E8887ED77A1F788784F641736DA5A0379ADF38C505C740
                                              Function 0000020CD695EFEC Relevance: 6.3, APIs: 5, Instructions: 76COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                                              • String ID:
                                              • API String ID: 2026495703-0
                                              • Opcode ID: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
                                              • Instruction ID: b2068c0fd75fd24fbf714b69ca3a37fa58b281351794f81e731c40b291e04885
                                              • Opcode Fuzzy Hash: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
                                              • Instruction Fuzzy Hash: 9C1124B061CF484FE798FB6CA45535576D1E78C320F24466EE05AC3797EA349D428BC1
                                              Function 0000020CD696062C Relevance: 6.2, APIs: 4, Instructions: 194COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
                                              • String ID:
                                              • API String ID: 634798775-0
                                              • Opcode ID: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
                                              • Instruction ID: 6f3ac2e36546157430afbc7c7a841153a311abd5420ce3e05654dd1c9c4aaa94
                                              • Opcode Fuzzy Hash: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
                                              • Instruction Fuzzy Hash: 3351AAB0218F094BE6687BAD59AD33572C1E79A710F34037ED49AC31D3EA71DC52C585
                                              Function 0000020CD515B3C0 Relevance: 6.1, APIs: 4, Instructions: 140COMMONLIBRARYCODE
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1dde0bc93da3cc204cab392ef88660b8feabc790641522e6986fd432b01f6e40
                                              • Instruction ID: 344638145218d89cf99ae9a20ab15ca3fe343e6f5cfa8559652b4207a880cd8c
                                              • Opcode Fuzzy Hash: 1dde0bc93da3cc204cab392ef88660b8feabc790641522e6986fd432b01f6e40
                                              • Instruction Fuzzy Hash: 146180B1611B408AEB68CF15E58D3AC77B0F768B59F34573ADA164B3A7CB39C8418B40
                                              Function 0000020CD69410D0 Relevance: 6.1, APIs: 4, Instructions: 90COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: clock
                                              • String ID:
                                              • API String ID: 3195780754-0
                                              • Opcode ID: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
                                              • Instruction ID: 55c4d2927386b1faf213f7b98f20db5b80b165176383cbe9c776bdebc8f1dadb
                                              • Opcode Fuzzy Hash: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
                                              • Instruction Fuzzy Hash: CC21C6B180C70C0EE768BBD8944A676B6D0D7A9350F25033DE88A83153E961AC42C2DA
                                              Function 0000020CD69600EC Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                              • String ID:
                                              • API String ID: 1991439119-0
                                              • Opcode ID: 4030f444e10e83babf63ca456711778ffaca7bb986e35c3fe88b540d1c4421cc
                                              • Instruction ID: 8ee65e68e10be09649c01c6ddaf396d2fa17fe65455de7321ab779fecbf996bb
                                              • Opcode Fuzzy Hash: 4030f444e10e83babf63ca456711778ffaca7bb986e35c3fe88b540d1c4421cc
                                              • Instruction Fuzzy Hash: 6E117371114F098AFB46FBA0EEED7E673A5E756304F654779D402C60E3EE388A44C640
                                              Function 0000020CD51404D0 Relevance: 6.1, APIs: 4, Instructions: 62COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: clock
                                              • String ID:
                                              • API String ID: 3195780754-0
                                              • Opcode ID: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
                                              • Instruction ID: c6f649b60137578c59c72bf5bf20fd7ad268d780e7ed4ca98027a03a71e86c91
                                              • Opcode Fuzzy Hash: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
                                              • Instruction Fuzzy Hash: 7C11E7A2604786C5F770AF67A48472FB690F744390F392339EE464F283EA74C8818B00
                                              Function 0000020CD516E9D8 Relevance: 6.1, APIs: 4, Instructions: 62stringCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                              • String ID:
                                              • API String ID: 4151157258-0
                                              • Opcode ID: 89153f5c64fab27db57a2af5758249aa045b2e8adbb4ff24b9161b74b74b034e
                                              • Instruction ID: 38f870cf34254d828109f2b88b957f9ef785f0867b53a8cc792858b76408a3fd
                                              • Opcode Fuzzy Hash: 89153f5c64fab27db57a2af5758249aa045b2e8adbb4ff24b9161b74b74b034e
                                              • Instruction Fuzzy Hash: 1421BEEA6083A441FB609725905837FAAD1F381BD5F388331EAD74BAD7DA2CC542CB51
                                              Function 0000020CD51513B0 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno$remove$_callnewh_invalid_parameter_noinfo_snprintfmalloc
                                              • String ID:
                                              • API String ID: 2566950902-0
                                              • Opcode ID: fcd4f31b16295b3d981e03ccf995d44eb940f919008a0e94d9d9162e5faefa64
                                              • Instruction ID: e93bac011fa24b20b8c02971b56a920315a1f4c1f6f75433a35d8a41ee8d619b
                                              • Opcode Fuzzy Hash: fcd4f31b16295b3d981e03ccf995d44eb940f919008a0e94d9d9162e5faefa64
                                              • Instruction Fuzzy Hash: 59F090A160475089E210EB12B80539EA270B785BC0F7C5331EF8817B9BDE78C8018744
                                              Function 0000020CD695F860 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                              • String ID: B
                                              • API String ID: 1812809483-1255198513
                                              • Opcode ID: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
                                              • Instruction ID: 6f1796fc5714cea7d81da194dc6811456c3bb5add64f5ebac7ff5d9ef8ab084f
                                              • Opcode Fuzzy Hash: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
                                              • Instruction Fuzzy Hash: DE11BF70228B084FD744EF5C948976AB3D1FB98334F6043AEA01AC32A6CB34C844CB82
                                              Function 0000020CD515EC60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                              • String ID: B
                                              • API String ID: 1812809483-1255198513
                                              • Opcode ID: 60c63a2ab9f2c694e46ab874add7d0a6eb48e0963f6941f66a4f1d1620c6c169
                                              • Instruction ID: 219266f45ec01fbfbfc44a6a52166d2c4da5650d9f1637ed59f8d526a426e404
                                              • Opcode Fuzzy Hash: 60c63a2ab9f2c694e46ab874add7d0a6eb48e0963f6941f66a4f1d1620c6c169
                                              • Instruction Fuzzy Hash: 671184B2624B5486EB10DF12D44439DB661F798FE4F648325AF5817BDACF38C144CB00
                                              Function 0000020CD51410C4 Relevance: 5.3, APIs: 4, Instructions: 261COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno$_calloc_implcalloc
                                              • String ID:
                                              • API String ID: 4000150058-0
                                              • Opcode ID: 1990de878bdb2b18b214190b8058df6cf8cdb58ae8a7ad838a221dc59059176c
                                              • Instruction ID: 435940679db5b0f1740f88cba34f7d0c2177b72a685a4a1c0a18e785c24193b9
                                              • Opcode Fuzzy Hash: 1990de878bdb2b18b214190b8058df6cf8cdb58ae8a7ad838a221dc59059176c
                                              • Instruction Fuzzy Hash: 97C10E76604B848AE764CF65E48479E77F4F788B84F20522AEB8E87B59DF38C455CB00
                                              Function 0000020CD695AD44 Relevance: 5.2, APIs: 4, Instructions: 226COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno$_callnewhmalloc
                                              • String ID:
                                              • API String ID: 2761444284-0
                                              • Opcode ID: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
                                              • Instruction ID: 253b41d40109f5d35bd4e3ba97b8edeb0c4e28f63ca636e21145cfec6a2c8825
                                              • Opcode Fuzzy Hash: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
                                              • Instruction Fuzzy Hash: 106183B0218B094BEB68FB2894A97BD72D1EB98350F20077DE946C31D7EE74D906C785
                                              Function 0000020CD6944300 Relevance: 5.2, APIs: 4, Instructions: 179COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419916510.0000020CD6940000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020CD6940000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd6940000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: malloc
                                              • String ID:
                                              • API String ID: 2803490479-0
                                              • Opcode ID: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
                                              • Instruction ID: 18c173ed540f80e1560fdbb95c50e721b4c9d87a6c0a2f205493db4bb8a96102
                                              • Opcode Fuzzy Hash: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
                                              • Instruction Fuzzy Hash: 4451A7B0218B454BDB58EF2C949927973D1FB98750F20467DE85BC7287EE30EC52C685
                                              Function 0000020CD515A144 Relevance: 5.2, APIs: 4, Instructions: 155COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: free$_errno$_callnewhmalloc
                                              • String ID:
                                              • API String ID: 2761444284-0
                                              • Opcode ID: 4bbd7cf35d3a9611d3bfe0cac302482741ce3a5729489c26a54f39a05b56b302
                                              • Instruction ID: 4b4e5caf61a3fe67c028f6de400013928881fa9db9c9756934faf6de2512d48c
                                              • Opcode Fuzzy Hash: 4bbd7cf35d3a9611d3bfe0cac302482741ce3a5729489c26a54f39a05b56b302
                                              • Instruction Fuzzy Hash: 6A5102E130034581EA68AB22E4587AD67B1BB81BC0F7467359A0A17BDBEF79C549C700
                                              Function 0000020CD5143700 Relevance: 5.1, APIs: 4, Instructions: 112COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.3419885425.0000020CD5140000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000020CD5140000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_20cd5140000_mode11_0HVJ.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: malloc
                                              • String ID:
                                              • API String ID: 2803490479-0
                                              • Opcode ID: 80bcae34b50f6f3c58066c2fc9d1801100724e039a84313f03cb0366590bdd42
                                              • Instruction ID: edde0c60bd7c287221ea4ad6bb378dcffedb1805d0e451c8027f6f6222bf2c0c
                                              • Opcode Fuzzy Hash: 80bcae34b50f6f3c58066c2fc9d1801100724e039a84313f03cb0366590bdd42
                                              • Instruction Fuzzy Hash: 8441BEB260078587EB58DB26A4487AEB7A1F344BC4F645738DE6B47B86EF34D885C700