Windows Analysis Report
drop1.exe

Overview

General Information

Sample name: drop1.exe
Analysis ID: 1584549
MD5: c401a019b5a9e44646577f8922e1014e
SHA1: 3406d945b0283bb6337a7490198b00cd1df278a2
SHA256: 31ebf7219722b8c908a914b2b08c5d03140af8b0cef6c96152e458dc82301c0a
Tags: exe, Meduza, MeduzaStealer, user-aachum

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • drop1.exe (PID: 5728 cmdline: "C:\Users\user\Desktop\drop1.exe" MD5: C401A019B5A9E44646577F8922E1014E)
    • conhost.exe (PID: 348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • drop1.exe (PID: 1472 cmdline: "C:\Users\user\Desktop\drop1.exe" MD5: C401A019B5A9E44646577F8922E1014E)
  • cleanup
{"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "3", "links": "", "port": 15666}
Source | Rule | Description | Author | Strings
00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
      • 0xff0dc:$str01: emoji
      • 0x1018d8:$str02: %d-%m-%Y, %H:%M:%S
      • 0x101940:$str03: [UTC
      • 0x10194c:$str04: user_name
      • 0x101970:$str05: computer_name
      • 0x101994:$str06: timezone
      • 0x1018c4:$str07: current_path()
      • 0xff0a8:$str08: [json.exception.
      • 0x11502e:$str09: GDI32.dll
      • 0x1152a0:$str10: GdipGetImageEncoders
      • 0x115318:$str10: GdipGetImageEncoders
      • 0x114948:$str11: GetGeoInfoA
Process Memory Space: drop1.exe PID: 1472 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
Process Memory Space: drop1.exe PID: 1472 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security

Source | Rule | Description | Author | Strings
0.2.drop1.exe.196d220.1.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
0.2.drop1.exe.196d220.1.raw.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
            • 0xfd6dc:$str01: emoji
            • 0xffed8:$str02: %d-%m-%Y, %H:%M:%S
            • 0xfff40:$str03: [UTC
            • 0xfff4c:$str04: user_name
            • 0xfff70:$str05: computer_name
            • 0xfff94:$str06: timezone
            • 0xffec4:$str07: current_path()
            • 0xfd6a8:$str08: [json.exception.
            • 0x11362e:$str09: GDI32.dll
            • 0x1138a0:$str10: GdipGetImageEncoders
            • 0x113918:$str10: GdipGetImageEncoders
            • 0x112f48:$str11: GetGeoInfoA
3.2.drop1.exe.400000.1.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
3.2.drop1.exe.400000.1.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
              • 0xfd6dc:$str01: emoji
              • 0xffed8:$str02: %d-%m-%Y, %H:%M:%S
              • 0xfff40:$str03: [UTC
              • 0xfff4c:$str04: user_name
              • 0xfff70:$str05: computer_name
              • 0xfff94:$str06: timezone
              • 0xffec4:$str07: current_path()
              • 0xfd6a8:$str08: [json.exception.
              • 0x11362e:$str09: GDI32.dll
              • 0x1138a0:$str10: GdipGetImageEncoders
              • 0x113918:$str10: GdipGetImageEncoders
              • 0x112f48:$str11: GetGeoInfoA
0.2.drop1.exe.196d220.1.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-05T20:18:59.648048+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.648048+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.653137+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.648048+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.653137+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP

AV Detection

Source: 3.2.drop1.exe.400000.1.unpack, Malware Configuration Extractor: Meduza Stealer {"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "3", "links": "", "port": 15666}
Source: drop1.exe, ReversingLabs: Detection: 91%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.9% probability
Source: drop1.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0047A610 CryptUnprotectData,LocalFree
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0043D4A0 BCryptDestroyKey
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0047A950 CryptProtectData,LocalFree
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0047AAE0 BCryptDecrypt,BCryptDecrypt
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_00440B60 CryptUnprotectData,LocalFree
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0047AE10 BCryptCloseAlgorithmProvider
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0047AE80 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey
Source: drop1.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: drop1.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\drop1.exe, Code function: 0_2_0015BE9A FindFirstFileExW
Source: C:\Users\user\Desktop\drop1.exe, Code function: 0_2_0015BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0015BE9A FindFirstFileExW
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_0015BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_004402D0 FindFirstFileW,FindNextFileW
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_004B84C0 FindClose,FindFirstFileExW,GetLastError
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_004B84E0 FindFirstFileExW
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_004BAB85 FindFirstFileExW
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_00487550 GetLogicalDriveStringsW
Source: C:\Users\user\Desktop\drop1.exe, File opened: D:\sources\migration\
Source: C:\Users\user\Desktop\drop1.exe, File opened: D:\sources\replacementmanifests\
Source: C:\Users\user\Desktop\drop1.exe, File opened: D:\sources\migration\wtr\
Source: C:\Users\user\Desktop\drop1.exe, File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
Source: C:\Users\user\Desktop\drop1.exe, File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
Source: C:\Users\user\Desktop\drop1.exe, File opened: D:\sources\replacementmanifests\hwvid-migration-2\

Networking

Source: Network traffic, Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.5:49704 -> 66.63.187.173:15666
Source: Network traffic, Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.5:49704 -> 66.63.187.173:15666
Source: global traffic, TCP traffic: 192.168.2.5:49704 -> 66.63.187.173:15666
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Accept: text/html; text/plain; */*, Host: api.ipify.org, Cache-Control: no-cache
Source: Joe Sandbox View, IP Address: 172.67.74.152
Source: Joe Sandbox View, ASN Name: ASN-QUADRANET-GLOBALUS
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, DNS query: name: api.ipify.org
Source: Network traffic, Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.5:49704 -> 66.63.187.173:15666
Source: unknown, TCP traffic detected without corresponding DNS query: 66.63.187.173
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_00485350 recv,recv,recv,recv,recv,recv,closesocket,WSACleanup
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: unknown, Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49705
Source: C:\Users\user\Desktop\drop1.exe, Code function: 3_2_00485F00 GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject

                System Summary

                Source: 0.2.drop1.exe.196d220.1.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 3.2.drop1.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 0.2.drop1.exe.196d220.1.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 3.2.drop1.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_0048A0A0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,3_2_0048A0A0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_0048A710 RtlAcquirePebLock,NtAllocateVirtualMemory,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,3_2_0048A710
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 004AC500 appears 58 times
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 001551F0 appears 64 times
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 004517F0 appears 53 times
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 0015970F appears 36 times
                Source: drop1.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: 0.2.drop1.exe.196d220.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 3.2.drop1.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 0.2.drop1.exe.196d220.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 3.2.drop1.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: drop1.exeStatic PE information: Section: .bss ZLIB complexity 1.0003138195647467
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/0@1/2
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_0048CB50 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,3_2_0048CB50
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004473D0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,3_2_004473D0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00477EE0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,3_2_00477EE0
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:348:120:WilError_03
                Source: C:\Users\user\Desktop\drop1.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963C78A5D27
                Source: drop1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\drop1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: drop1.exeReversingLabs: Detection: 91%
                Source: C:\Users\user\Desktop\drop1.exeFile read: C:\Users\user\Desktop\drop1.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\drop1.exe "C:\Users\user\Desktop\drop1.exe"
                Source: C:\Users\user\Desktop\drop1.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\drop1.exeProcess created: C:\Users\user\Desktop\drop1.exe "C:\Users\user\Desktop\drop1.exe"
                Source: C:\Users\user\Desktop\drop1.exeProcess created: C:\Users\user\Desktop\drop1.exe "C:\Users\user\Desktop\drop1.exe"Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: drop1.exeStatic file information: File size 1293312 > 1048576
                Source: drop1.exeStatic PE information: Raw size of .bss is bigger than: 0x100000 < 0x120a00
                Source: drop1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00446400 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,3_2_00446400
                Source: drop1.exeStatic PE information: section name: .OO
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_001546A3 push ecx; ret 0_2_001546B6
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_001546A3 push ecx; ret 3_2_001546B6
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004ACE0C push ecx; ret 3_2_004ACE1F
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_0047E240 GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,ExitProcess,ReleaseMutex,CloseHandle,3_2_0047E240
                Source: C:\Users\user\Desktop\drop1.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-58188
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_0015BE9A FindFirstFileExW,0_2_0015BE9A
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_0015BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_0015BF4B
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_0015BE9A FindFirstFileExW,3_2_0015BE9A
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_0015BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_0015BF4B
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004402D0 FindFirstFileW,FindNextFileW,3_2_004402D0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004B84C0 FindClose,FindFirstFileExW,GetLastError,3_2_004B84C0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,3_2_004B8545
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004B84E0 FindFirstFileExW,3_2_004B84E0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004BAB85 FindFirstFileExW,3_2_004BAB85
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00487550 GetLogicalDriveStringsW,3_2_00487550
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00498574 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,3_2_00498574
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\migration\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\migration\wtr\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: drop1.exe, 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000003.00000003.2021635573.0000000000D59000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000003.00000002.2243329095.0000000000D45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: drop1.exe, 00000003.00000003.2021635573.0000000000D59000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000003.00000002.2243329095.0000000000D45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWl
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: drop1.exe, 00000003.00000003.2034994573.00000000044A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\drop1.exeAPI call chain: ExitProcess graph end nodegraph_3-58208
                Source: C:\Users\user\Desktop\drop1.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_00155027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00155027
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00498574 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C3_2_00498574
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_0016A1A9 mov edi, dword ptr fs:[00000030h]0_2_0016A1A9
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_00151770 mov edi, dword ptr fs:[00000030h]0_2_00151770
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00151770 mov edi, dword ptr fs:[00000030h]3_2_00151770
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_00159726 GetProcessHeap,0_2_00159726
                Source: C:\Users\user\Desktop\drop1.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_0015501B SetUnhandledExceptionFilter,0_2_0015501B
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_001578CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001578CC
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_001545B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_001545B7
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_0015501B SetUnhandledExceptionFilter,3_2_0015501B
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00155027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00155027
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_001578CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_001578CC
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_001545B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_001545B7
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004AC6BF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_004AC6BF
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004AC80A SetUnhandledExceptionFilter,3_2_004AC80A
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_00497B2D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00497B2D
                Source: C:\Users\user\Desktop\drop1.exeCode function: 3_2_004ABFD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_004ABFD4

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\drop1.exe | Code function: 0_2_0016A1A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_0016A1A9
                Source: C:\Users\user\Desktop\drop1.exe | Memory written: C:\Users\user\Desktop\drop1.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\drop1.exe | Code function: 3_2_0047D2F0 ShellExecuteW,OpenProcessToken,GetCurrentProcess,GetTokenInformation,std::ios_base::_Ios_base_dtor,3_2_0047D2F0
                Source: C:\Users\user\Desktop\drop1.exe | Process created: C:\Users\user\Desktop\drop1.exe "C:\Users\user\Desktop\drop1.exe"
                Source: C:\Users\user\Desktop\drop1.exe | Code function: 3_2_00486C50 cpuid 3_2_00486C50
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_004A6109
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetLocaleInfoEx,FormatMessageA,3_2_004B824D
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetLocaleInfoW,3_2_004A620F
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_004A62E5
                Source: C:\Users\user\Desktop\drop1.exe | Code function: EnumSystemLocalesW,3_2_0049C70E
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW,3_2_004A5970
                Source: C:\Users\user\Desktop\drop1.exe | Code function: EnumSystemLocalesW,3_2_004A5C67
                Source: C:\Users\user\Desktop\drop1.exe | Code function: EnumSystemLocalesW,3_2_004A5C1C
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetLocaleInfoW,3_2_0049CCB0
                Source: C:\Users\user\Desktop\drop1.exe | Code function: EnumSystemLocalesW,3_2_004A5D02
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_004A5D8D
                Source: C:\Users\user\Desktop\drop1.exe | Code function: GetLocaleInfoW,3_2_004A5FE0
                Source: C:\Users\user\Desktop\drop1.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\drop1.exe | Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
                Source: C:\Users\user\Desktop\drop1.exe | Code function: 0_2_001548D3 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_001548D3
                Source: C:\Users\user\Desktop\drop1.exe | Code function: 3_2_004863F0 GetUserNameW,3_2_004863F0
                Source: C:\Users\user\Desktop\drop1.exe | Code function: 3_2_004A1074 GetTimeZoneInformation,3_2_004A1074

                Stealing of Sensitive Information

                Source: Yara match | File source: Process Memory Space: drop1.exe PID: 1472, type: MEMORYSTR
                Source: Yara match | File source: 0.2.drop1.exe.196d220.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.drop1.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.drop1.exe.196d220.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.drop1.exe.400000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: drop1.exe, 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Electrum-LTC\config
                Source: drop1.exe, 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ElectronCash\config
                Source: drop1.exe, 00000003.00000003.2047669762.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldbgs42
                Source: drop1.exe, 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Exodus\exodus.wallet
                Source: drop1.exe, 00000003.00000002.2243329095.0000000000D45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\walletsXw
                Source: drop1.exe, 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Ethereum\keystore
                Source: C:\Users\user\Desktop\drop1.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                Source: C:\Users\user\Desktop\drop1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\drop1.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: Yara match | File source: Process Memory Space: drop1.exe PID: 1472, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match | File source: Process Memory Space: drop1.exe PID: 1472, type: MEMORYSTR
                Source: Yara match | File source: 0.2.drop1.exe.196d220.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.drop1.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.drop1.exe.196d220.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.drop1.exe.400000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 211 Process Injection | 1 Software Packing | NTDS | 34 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Query Registry | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 211 Process Injection | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Source | Detection | Scanner | Label | Link
                drop1.exe | 91% | ReversingLabs | Win32.Trojan.LummaStealer
                drop1.exe | 100% | Joe Sandbox ML
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                https://support.moz | 0% | Avira URL Cloud | safe
                http://ns.adp/1.0/ | 0% | Avira URL Cloud | safe
                http://ns.exif/1 | 0% | Avira URL Cloud | safe
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                api.ipify.org | 172.67.74.152 | true | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                https://api.ipify.org/ | false | | high
                IP | Domain | Country | ASN | ASN Name | Malicious
                66.63.187.173 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | true
                172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                Joe Sandbox version: 41.0.0 Charoite
                Analysis ID: 1584549
                Start date and time: 2025-01-05 20:18:05 +01:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 5m 28s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed: 6
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: drop1.exe
                Detection: MAL
                Classification: mal100.troj.spyw.evad.winEXE@4/0@1/2
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 99%
                • Number of executed functions: 87
                • Number of non-executed functions: 134
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing network information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • VT rate limit hit for: drop1.exe
                                                          No simulations
                                                              No created / dropped files found
                                                              File type:PE32 executable (console) Intel 80386, for MS Windows
                                                              Entropy (8bit):7.959249656314459
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:drop1.exe
                                                              File size:1'293'312 bytes
                                                              MD5:c401a019b5a9e44646577f8922e1014e
                                                              SHA1:3406d945b0283bb6337a7490198b00cd1df278a2
                                                              SHA256:31ebf7219722b8c908a914b2b08c5d03140af8b0cef6c96152e458dc82301c0a
                                                              SHA512:f1306e3e015f005af3675f53ff17015b4cdc4484d13690a04842fa8ab9e7037c68e2e53c90176d7fff36c8a2faf50864d09fb89609466d5d89d7f11783f9250f
                                                              SSDEEP:24576:Bdl/7xIgevnHodySw5KP4lXkV8sWGzv6VD0iNKlsTEc8hF71X:/l/a5vnIdyd5Q4lXkBmLNfkP7F
                                                              TLSH:5855235131C0C4B1CBA3583645B0BB56593DF9314FB0A9FF278D59A15E22AD08A3CAFB
                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...bI\g..........".................\L............@.......................................@.................................D~..(..
                                                              Icon Hash:00928e8e8686b000
                                                              Entrypoint:0x404c5c
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows cui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x675C4962 [Fri Dec 13 14:49:06 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:2716f32d1d63b3fc977d6064633b778d
                                                              Instruction
                                                              call 00007F4DD0B3A00Ah
                                                              jmp 00007F4DD0B39C29h
                                                              push ebp
                                                              mov ebp, esp
                                                              push dword ptr [ebp+08h]
                                                              call 00007F4DD0B39DBFh
                                                              neg eax
                                                              pop ecx
                                                              sbb eax, eax
                                                              neg eax
                                                              dec eax
                                                              pop ebp
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              cmp dword ptr [0041B4F0h], FFFFFFFFh
                                                              push dword ptr [ebp+08h]
                                                              jne 00007F4DD0B39DB9h
                                                              call 00007F4DD0B3C3D1h
                                                              jmp 00007F4DD0B39DBDh
                                                              push 0041B4F0h
                                                              call 00007F4DD0B3C354h
                                                              pop ecx
                                                              pop ecx
                                                              xor ecx, ecx
                                                              test eax, eax
                                                              cmove ecx, dword ptr [ebp+08h]
                                                              mov eax, ecx
                                                              pop ebp
                                                              ret
                                                              push 00000008h
                                                              push 00418D38h
                                                              call 00007F4DD0B3A2F0h
                                                              and dword ptr [ebp-04h], 00000000h
                                                              mov eax, 00005A4Dh
                                                              cmp word ptr [00400000h], ax
                                                              jne 00007F4DD0B39E0Fh
                                                              mov eax, dword ptr [0040003Ch]
                                                              cmp dword ptr [eax+00400000h], 00004550h
                                                              jne 00007F4DD0B39DFEh
                                                              mov ecx, 0000010Bh
                                                              cmp word ptr [eax+00400018h], cx
                                                              jne 00007F4DD0B39DF0h
                                                              mov eax, dword ptr [ebp+08h]
                                                              mov ecx, 00400000h
                                                              sub eax, ecx
                                                              push eax
                                                              push ecx
                                                              call 00007F4DD0B39F32h
                                                              pop ecx
                                                              pop ecx
                                                              test eax, eax
                                                              je 00007F4DD0B39DD9h
                                                              cmp dword ptr [eax+24h], 00000000h
                                                              jl 00007F4DD0B39DD3h
                                                              mov dword ptr [ebp-04h], FFFFFFFEh
                                                              mov al, 01h
                                                              jmp 00007F4DD0B39DD1h
                                                              mov eax, dword ptr [ebp-14h]
                                                              mov eax, dword ptr [eax]
                                                              xor ecx, ecx
                                                              cmp dword ptr [eax], C0000005h
                                                              sete cl
                                                              mov eax, ecx
                                                              ret
                                                              mov esp, dword ptr [ebp-18h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17e44 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d000 | 0xe8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e000 | 0x12fc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x12808 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x17fac | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x10c15 | 0x10e00 | 05d7420100633613bdbd5a889171c5f7 | False | 0.5704427083333333 | data | 6.50620173764596 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x12000 | 0x7294 | 0x7400 | 4965eb04eb8b1b66b8d84a097bc01bc3 | False | 0.3977976831896552 | data | 4.65662016842751 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1a000 | 0x1c10 | 0x1200 | 6a2a147d595c2e66ddd7fdd872225955 | False | 0.4281684027777778 | data | 4.604642940636322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.OO | 0x1c000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1d000 | 0xe8 | 0x200 | 0713d2c4e51a805f2ce8d9843bcbad43 | False | 0.306640625 | data | 2.337865625306241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1e000 | 0x12fc | 0x1400 | c56221e7af6185e7585b1796050bcf12 | False | 0.778515625 | data | 6.424268394395036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x20000 | 0x120a00 | 0x120a00 | 0981e8d8e7a06f97fc8527d01b1e5825 | False | 1.0003138195647467 | data | 7.999822246026082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x1d060 | 0x87 | XML 1.0 document, ASCII text | English | United States | 0.8222222222222222
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, CreateThread, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileType, GetLastError, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-05T20:18:59.648048+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.648048+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.648048+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.653137+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
2025-01-05T20:18:59.653137+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.5 | 49704 | 66.63.187.173 | 15666 | TCP
                                                              Jan 5, 2025 20:18:59.663294077 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.663316965 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.663333893 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.663361073 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.663383007 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.663423061 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.663506031 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.663515091 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.663562059 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.671906948 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.671952009 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672000885 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672009945 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672018051 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672025919 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672035933 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672074080 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672120094 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672127962 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672131062 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672137976 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672146082 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672173977 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672173977 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672189951 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672238111 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672247887 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672254086 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672261000 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672278881 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672297001 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672311068 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672378063 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672388077 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672395945 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672404051 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672429085 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672446966 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672523975 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672532082 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672538996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672545910 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672553062 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672580957 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672599077 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.672668934 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.672704935 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.680649996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680694103 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.680720091 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680732012 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680740118 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680747986 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680762053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680769920 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680782080 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.680793047 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.680816889 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.680969000 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680979013 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680986881 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.680994987 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681020975 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681044102 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681087017 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681094885 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681104898 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681123972 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681133032 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681133032 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681145906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681171894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681216955 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681226015 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681233883 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681241989 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681255102 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681278944 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681289911 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681344032 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681354046 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681361914 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681370020 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681377888 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681385040 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681416035 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681478977 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681489944 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681497097 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681504011 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681512117 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681519985 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.681531906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.681569099 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.689407110 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689456940 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.689519882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689528942 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689536095 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689574957 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.689645052 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689655066 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689662933 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689676046 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689682007 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689701080 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.689740896 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.689758062 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689766884 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689769983 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689775944 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689783096 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689811945 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.689884901 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689893961 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689901114 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.689939022 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690048933 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690057039 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690063953 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690099955 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690181017 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690190077 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690192938 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690200090 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690229893 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690249920 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690309048 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690318108 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690325022 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690331936 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690339088 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690351009 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690363884 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690378904 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690427065 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690435886 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690442085 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690448999 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690455914 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690468073 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690476894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690496922 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.690576077 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690584898 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.690622091 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.698390007 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.698435068 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.699438095 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.699482918 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.699589014 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.699632883 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700368881 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700380087 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700388908 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700417042 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700419903 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700433969 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700442076 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700445890 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700450897 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700457096 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700459957 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700468063 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700474977 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700481892 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700484037 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700490952 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700499058 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700501919 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700505972 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700514078 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700521946 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700529099 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700532913 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700536013 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700537920 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700545073 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700553894 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700558901 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700563908 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700573921 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700577021 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700581074 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700589895 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700597048 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700607061 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700620890 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700623035 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700629950 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700639009 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700648069 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700654984 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700661898 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700669050 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700670958 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700676918 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700685024 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700685978 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700692892 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700700045 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700700045 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700707912 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.700721025 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700737000 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.700745106 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.703289032 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.703334093 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.704308987 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.704355955 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.704405069 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.704452038 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.705521107 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730123043 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730129957 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730132103 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730156898 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730170965 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730171919 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730180979 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730190039 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730196953 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730201006 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730207920 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730210066 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730216026 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730223894 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730227947 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730254889 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730254889 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730297089 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730304956 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730340958 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730392933 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730401993 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730407953 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730412006 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730418921 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730426073 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730428934 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730436087 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730446100 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730447054 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730447054 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730458975 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730484009 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730484009 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730496883 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730611086 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730622053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730628967 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730635881 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730659008 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730670929 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.730761051 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730770111 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.730808020 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.733412027 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.733458042 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.734406948 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.734446049 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.738205910 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738221884 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738249063 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.738261938 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.738313913 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738322973 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738331079 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738339901 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738358974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.738379002 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.738437891 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738446951 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738455057 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.738481045 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.738509893 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.741863966 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.742024899 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.742089987 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.743072987 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743120909 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.743201971 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743211985 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743218899 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743256092 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.743261099 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743273020 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743285894 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743309975 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.743326902 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743335962 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.743336916 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.743361950 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.743375063 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.746903896 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.746937990 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.746949911 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.746982098 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.746995926 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747016907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747044086 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747049093 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747056007 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747062922 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747076988 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747085094 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747090101 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747097969 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747119904 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747123957 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747132063 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747133970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747148991 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747157097 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747163057 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747186899 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747189045 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747198105 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747209072 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747227907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747231960 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747236967 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747261047 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747262001 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747270107 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747271061 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747292995 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747293949 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747299910 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747303963 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747344971 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747344971 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747364998 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.747387886 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.747410059 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.787465096 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.787621975 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.787682056 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.787694931 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.835479021 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.835658073 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.835747957 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.835767984 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841483116 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841500998 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841507912 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841511011 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841519117 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841528893 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841532946 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841543913 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841552019 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841557980 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841562033 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841564894 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841583967 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841594934 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841603994 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841604948 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841610909 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841625929 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841633081 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841639996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841648102 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841648102 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841651917 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841660976 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841669083 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841674089 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841682911 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841691971 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841695070 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841700077 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841711044 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841711044 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841726065 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841733932 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841742992 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841747999 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841752052 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841763020 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841769934 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841778040 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841784000 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841792107 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841794014 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841799021 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841806889 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841809034 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841814041 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841830969 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841833115 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841840029 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841847897 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841847897 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841856003 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841862917 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841871977 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841876984 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841886997 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841897964 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841906071 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841909885 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841916084 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841929913 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841936111 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841938019 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841958046 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841960907 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841968060 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841975927 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841979980 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.841990948 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.841995001 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.842000008 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.842012882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.842015028 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.842022896 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.842025042 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.842037916 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.842047930 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.842060089 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.842060089 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.842075109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.842081070 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.842082024 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899250984 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899252892 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899269104 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899285078 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899338961 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899348021 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899374008 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899382114 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899383068 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899403095 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899405003 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899413109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899422884 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899450064 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899481058 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899490118 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899513960 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899525881 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899528980 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899548054 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899561882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899561882 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899569988 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899585009 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899597883 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899612904 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899621010 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899629116 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899661064 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899705887 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899715900 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899723053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899729967 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.899748087 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.899774075 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.943511009 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.943702936 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.943803072 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.943844080 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.966713905 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.966865063 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.966944933 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.966974974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971769094 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971792936 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971801996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971808910 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971817017 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971834898 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971837044 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971846104 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971865892 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971869946 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971877098 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971878052 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971888065 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971904039 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971920013 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971935034 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971946955 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971976995 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971986055 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.971988916 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.971999884 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972023010 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972029924 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972043037 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972047091 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972069979 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972084999 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972086906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972094059 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972112894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972125053 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972148895 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972167969 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972177029 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972183943 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972191095 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972218037 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972232103 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972297907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972306967 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972316027 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972332954 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972341061 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972347021 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972348928 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972361088 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972368002 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972377062 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972390890 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972392082 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972403049 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972419024 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972423077 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972430944 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972433090 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972441912 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972454071 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972455025 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972466946 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972480059 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972491026 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972498894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972506046 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972513914 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972515106 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972531080 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972537994 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972542048 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972553968 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972560883 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972562075 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:18:59.972579956 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:18:59.972593069 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.015467882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.015672922 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.015757084 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.015789986 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.029225111 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.029376984 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.029452085 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.029481888 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034307957 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034320116 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034328938 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034337044 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034365892 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034382105 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034404993 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034414053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034418106 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034420967 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034439087 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034456015 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034461021 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034471035 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034471989 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034487963 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034490108 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034507036 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034513950 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034523964 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034533978 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034549952 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034563065 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034573078 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034578085 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034586906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034590006 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034606934 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034615040 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034622908 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034624100 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034631968 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034657001 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034662008 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034667015 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034692049 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034701109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034701109 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034729004 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034730911 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034740925 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034761906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034765959 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034770012 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034775019 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034800053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034807920 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034812927 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034852982 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034874916 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034883976 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034913063 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034920931 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034921885 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034956932 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.034960032 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.034984112 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035005093 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035012960 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035020113 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035034895 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035037041 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035043955 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035051107 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035083055 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035089970 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035092115 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035113096 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035120964 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035129070 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035157919 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035175085 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035183907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035191059 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035212994 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035221100 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035222054 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035233974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035254955 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035264015 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035267115 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035284042 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035300016 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035300970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035326004 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035345078 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.035357952 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035367012 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.035406113 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.110980034 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111008883 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111016035 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111027956 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111059904 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111097097 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111143112 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111252069 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111264944 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111273050 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111280918 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111287117 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111301899 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111318111 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111324072 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111332893 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111336946 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111350060 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111373901 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111390114 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111404896 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111413956 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111448050 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111450911 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111455917 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111498117 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.111540079 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111552000 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.111588001 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.113698959 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.113739967 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.113779068 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.113822937 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.113868952 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.113914967 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.113974094 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114020109 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114020109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114072084 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114154100 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114197969 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114197969 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114242077 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114247084 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114272118 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114286900 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114319086 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114357948 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114402056 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114430904 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114475965 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114505053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114551067 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114569902 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114578009 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114623070 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114736080 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114744902 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114785910 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114872932 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114881039 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114921093 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.114959955 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.114976883 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115004063 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115005970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115015030 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115030050 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115057945 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115068913 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115130901 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115175962 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115192890 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115226984 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115240097 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115252972 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115272045 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115293980 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115322113 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115364075 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115466118 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115511894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115581989 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115664005 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115701914 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115746021 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115758896 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115803957 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115844965 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115853071 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115864992 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115873098 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.115890026 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115910053 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.115978956 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116017103 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116024017 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116067886 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116096973 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116118908 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116142988 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116158962 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116183996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116229057 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116377115 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116416931 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116434097 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116470098 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116475105 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116509914 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116522074 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116524935 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116561890 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116600990 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116610050 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116647005 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116653919 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116656065 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116689920 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116693974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.116698027 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.116744041 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.118522882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.118571043 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.118616104 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.118659973 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.118693113 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.118736029 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.118824005 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.118850946 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.118870020 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.118892908 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.118948936 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.118999004 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119043112 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119086981 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119091034 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119096041 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119139910 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119190931 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119235992 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119349957 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119394064 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119416952 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119436979 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119462013 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119468927 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119472980 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119497061 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119517088 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119540930 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119580984 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119590044 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119633913 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119719982 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119764090 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119817972 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119846106 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119862080 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119890928 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119890928 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119934082 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.119940996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119950056 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119982958 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.119993925 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120024920 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120035887 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120074987 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120079994 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120114088 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120142937 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120151043 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120191097 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120264053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120311975 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120471954 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120520115 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120558023 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120600939 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120654106 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120697975 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120769978 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120778084 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120799065 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120805979 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120822906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120843887 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120861053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120907068 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120912075 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120939970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120948076 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.120959044 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120989084 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.120990992 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121041059 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121136904 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121189117 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121205091 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121248960 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121279955 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121323109 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121402025 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121439934 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121447086 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121484041 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121505976 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121526003 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121546984 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121565104 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.121582031 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.121630907 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135186911 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135204077 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135229111 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135236979 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135251999 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135286093 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135431051 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135473013 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135489941 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135541916 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135545969 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135610104 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135612011 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135659933 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135663033 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135672092 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135698080 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135708094 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135746956 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135787964 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135803938 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135812998 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135850906 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135852098 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135859966 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135880947 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.135906935 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135926008 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.135967970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136023045 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136271954 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136317968 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136344910 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136385918 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136390924 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136429071 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136430979 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136473894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136476040 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136485100 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136514902 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136528969 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136557102 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136565924 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136611938 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136709929 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136756897 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136773109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136781931 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136817932 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136900902 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136918068 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136951923 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.136954069 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136982918 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.136996984 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138025999 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138081074 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138205051 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138241053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138252974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138286114 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138293028 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138323069 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138338089 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138366938 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138415098 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138423920 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138463974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138540030 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138586998 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138608932 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138617992 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138659954 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138721943 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138767004 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138772964 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138777018 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138813972 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.138817072 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138858080 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.138994932 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139045000 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139107943 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139153957 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139157057 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139204025 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139353991 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139365911 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139401913 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139415979 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139441967 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139461994 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139492989 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139583111 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139592886 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139633894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139640093 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139662981 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139687061 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139697075 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139702082 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139707088 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139753103 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139799118 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139846087 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139863014 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139870882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139914036 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.139950037 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.139995098 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140033007 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140058041 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140079021 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140096903 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140105009 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140149117 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140153885 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140186071 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140201092 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140233040 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140256882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140266895 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140311956 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140419960 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140429974 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140450001 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140458107 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140477896 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140510082 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140515089 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140543938 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140563965 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140590906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140609980 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140649080 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140655994 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140691996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140693903 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140739918 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140798092 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140844107 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140846014 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140866995 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.140891075 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.140913963 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141055107 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141102076 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141113997 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141160011 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141207933 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141251087 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141256094 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141259909 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141299009 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141336918 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141357899 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141385078 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141397953 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141407013 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141407013 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141450882 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141540051 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141583920 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141608000 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141649008 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141655922 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141696930 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141807079 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141815901 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141834021 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.141858101 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.141877890 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.142868996 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.142920017 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143120050 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143130064 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143174887 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143218040 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143228054 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143269062 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143275023 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143285990 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143332005 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143346071 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143390894 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143454075 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143462896 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143491030 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143507004 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143544912 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143610954 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143657923 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143685102 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143699884 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143709898 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143728971 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143744946 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143809080 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.143853903 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.143971920 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.144017935 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.144047022 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.144098043 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.144172907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.144218922 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.144232035 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.144264936 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.144273043 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.144279957 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.144320011 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.144434929 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.144481897 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155060053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155106068 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155196905 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155206919 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155215025 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155246973 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155267000 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155284882 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155330896 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155353069 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155361891 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155390024 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155402899 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155447960 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155484915 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155494928 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155518055 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155536890 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155560970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155565023 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155606031 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155673981 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155720949 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155724049 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155741930 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155751944 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155778885 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155798912 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155800104 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155838966 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155846119 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155848026 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155890942 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155909061 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155919075 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155947924 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.155961037 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.155999899 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156060934 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156106949 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156111956 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156157970 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156181097 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156208992 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156232119 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156260967 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156263113 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156303883 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156311035 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156349897 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156352997 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156398058 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156404018 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156450987 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156451941 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156472921 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156481981 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156497002 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156532049 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156550884 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156596899 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.156814098 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.156862020 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.157759905 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.157779932 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.157807112 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.157819986 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.157856941 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.157902956 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.157953978 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.157999992 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158037901 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158077955 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158085108 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158127069 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158162117 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158200026 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158210039 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158243895 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158277988 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158325911 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158338070 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158382893 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158469915 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158510923 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158515930 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158548117 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158559084 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158585072 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158593893 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158631086 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158735037 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158757925 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158786058 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158799887 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158817053 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158864021 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.158910990 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.158957005 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159006119 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159015894 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159054041 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159066916 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159111977 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159193993 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159238100 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159305096 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159331083 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159359932 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159375906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159404039 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159411907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159460068 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159467936 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159473896 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159507990 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159516096 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159554005 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159564018 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159593105 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159610033 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159636974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159676075 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159684896 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159688950 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159702063 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159740925 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159791946 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159813881 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159821987 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159837961 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159859896 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.159897089 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159905910 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.159957886 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160039902 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160058975 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160082102 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160099030 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160171032 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160218954 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160274982 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160314083 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160322905 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160358906 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160403967 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160444975 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160450935 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160486937 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160490036 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160538912 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160582066 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160590887 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160629988 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160686970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160725117 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160732985 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160772085 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160797119 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160837889 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160845041 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160881042 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160883904 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160898924 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160924911 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160943031 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.160953045 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.160974979 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161005020 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161017895 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161024094 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161071062 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161094904 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161142111 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161156893 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161175966 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161202908 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161216974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161235094 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161278009 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161282063 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161320925 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161322117 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161370039 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161390066 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161403894 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161416054 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161433935 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161436081 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161453962 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161467075 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161473036 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161501884 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161514044 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161525965 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161535025 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161545038 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161572933 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.161638021 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161645889 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.161691904 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.162625074 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.162666082 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.162673950 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.162674904 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.162725925 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.162748098 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.162796974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.162895918 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.162904024 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.162945986 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.163007975 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.163048983 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.172857046 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.172930002 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.172946930 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.172977924 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.172991037 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.172991037 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173031092 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173032999 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173057079 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173080921 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173099041 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173157930 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173204899 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173213005 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173264980 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173348904 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173372030 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173398972 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173403978 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173413038 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173413992 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173449039 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173455000 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173494101 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173512936 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173564911 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173590899 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173613071 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173639059 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173650980 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173652887 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173707962 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173866034 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173912048 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.173957109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.173989058 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174004078 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174031973 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174037933 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174088955 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174129009 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174144030 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174177885 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174185038 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174228907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174232960 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174238920 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174283028 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174371004 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174381018 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174421072 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174505949 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174551964 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174591064 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174638033 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174678087 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174722910 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174731970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174761057 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174782038 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174803972 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174858093 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174874067 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174881935 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174911022 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174926996 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.174952030 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.174962044 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175005913 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175005913 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175017118 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175036907 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175069094 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175081968 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175116062 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175162077 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175169945 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175215006 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175245047 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175285101 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175291061 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175332069 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175343990 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175390959 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175407887 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175417900 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175455093 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175601959 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175649881 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175702095 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175712109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175720930 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175753117 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175766945 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175785065 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175821066 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175833941 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175863028 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175863981 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175908089 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.175954103 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175983906 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.175998926 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176033974 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176068068 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176115990 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176192999 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176208019 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176237106 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176246881 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176281929 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176322937 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176354885 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176362991 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176373005 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176400900 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176408052 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176439047 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176460981 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176484108 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176520109 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176528931 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176568985 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176631927 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176676035 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176676989 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176685095 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176704884 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176726103 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176753044 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.176754951 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.176800966 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177206993 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177263021 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177330971 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177340031 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177385092 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177433014 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177479029 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177570105 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177614927 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177687883 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177700043 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177716970 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177736044 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177736044 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177767038 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177773952 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177803040 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177813053 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177859068 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177894115 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177906036 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177937984 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177942038 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.177973986 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.177989006 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178006887 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178020000 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178060055 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178121090 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178168058 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178220987 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178267956 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178272963 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178297997 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178313971 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178342104 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178411961 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178461075 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178474903 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178520918 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178538084 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178548098 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178555012 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178586006 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178591967 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178639889 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178786039 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178831100 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178875923 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178924084 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.178960085 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.178993940 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179007053 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179044962 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179049015 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179095030 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179100037 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179130077 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179138899 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179147005 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179188013 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179195881 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179234982 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179248095 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179280996 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179289103 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179297924 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179342031 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179450989 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179497957 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179533958 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179574013 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179580927 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179620028 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179667950 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179712057 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.179764032 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.179819107 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.223436117 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.223608971 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.223675966 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.223720074 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.223799944 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.223845959 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.271492004 CET156664970466.63.187.173192.168.2.5
                                                              Jan 5, 2025 20:19:00.271692991 CET4970415666192.168.2.566.63.187.173
                                                              Jan 5, 2025 20:19:00.271759987 CET4970415666192.168.2.566.63.187.173
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 5, 2025 20:18:54.480884075 CET | 192.168.2.5 | 1.1.1.1 | 0x370e | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2025 20:18:54.487793922 CET | 1.1.1.1 | 192.168.2.5 | 0x370e | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 20:18:54.487793922 CET | 1.1.1.1 | 192.168.2.5 | 0x370e | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 20:18:54.487793922 CET | 1.1.1.1 | 192.168.2.5 | 0x370e | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 172.67.74.152 | 443 | 1472 | C:\Users\user\Desktop\drop1.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-05 19:18:55 UTC | 100 | OUT | GET / HTTP/1.1
    Accept: text/html; text/plain; */*
    Host: api.ipify.org
    Cache-Control: no-cache
2025-01-05 19:18:55 UTC | 424 | IN | HTTP/1.1 200 OK
    Date: Sun, 05 Jan 2025 19:18:55 GMT
    Content-Type: text/plain
    Content-Length: 12
    Connection: close
    Vary: Origin
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8fd5d122396a42f2-EWR
    server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1704&rtt_var=655&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=738&delivery_rate=1649717&cwnd=222&unsent_bytes=0&cid=953dd1a640d1a207&ts=179&x=0"
2025-01-05 19:18:55 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
    Data Ascii: 8.46.123.189



Target ID: 0
Start time: 14:18:52
Start date: 05/01/2025
Path: C:\Users\user\Desktop\drop1.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\drop1.exe"
Imagebase: 0x150000
File size: 1'293'312 bytes
MD5 hash: C401A019B5A9E44646577F8922E1014E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 14:18:52
Start date: 05/01/2025
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 14:18:53
Start date: 05/01/2025
Path: C:\Users\user\Desktop\drop1.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\drop1.exe"
Imagebase: 0x150000
File size: 1'293'312 bytes
MD5 hash: C401A019B5A9E44646577F8922E1014E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000003.00000002.2243329095.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: infostealer_win_meduzastealer, Description: Finds MeduzaStealer samples based on specific strings, Source: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Sekoia.io
Reputation: low
Has exited: true


                                                                Execution Graph

Execution Coverage: 7.9%
Dynamic/Decrypted Code Coverage: 0.6%
Signature Coverage: 1.9%
Total number of Nodes: 1336
Total number of Limit Nodes: 11
9305 15f038 9301->9305 9306 15786b __strnicoll 39 API calls 9302->9306 9307 15f00b 9303->9307 9308 15f767 __strnicoll 39 API calls 9304->9308 9331 15f832 9305->9331 9306->9297 9310 15786b __strnicoll 39 API calls 9307->9310 9308->9297 9310->9297 9312 15aec7 __dosmaperr 14 API calls 9312->9297 9314 15f777 9313->9314 9315 15f791 9313->9315 9316 15aec7 __dosmaperr 14 API calls 9314->9316 9317 15f7b0 9315->9317 9318 15f799 9315->9318 9319 15f77c 9316->9319 9321 15f7bc 9317->9321 9322 15f7d3 9317->9322 9320 15aec7 __dosmaperr 14 API calls 9318->9320 9323 15786b __strnicoll 39 API calls 9319->9323 9324 15f79e 9320->9324 9325 15aec7 __dosmaperr 14 API calls 9321->9325 9326 15a038 __strnicoll 39 API calls 9322->9326 9329 15f787 9322->9329 9323->9329 9327 15786b __strnicoll 39 API calls 9324->9327 9328 15f7c1 9325->9328 9326->9329 9327->9329 9330 15786b __strnicoll 39 API calls 9328->9330 9329->9286 9330->9329 9332 15a038 __strnicoll 39 API calls 9331->9332 9333 15f845 9332->9333 9336 15f878 9333->9336 9337 15f8ac __strnicoll 9336->9337 9340 15f92c 9337->9340 9341 15fb10 9337->9341 9343 15f919 GetCPInfo 9337->9343 9348 15f930 9337->9348 9338 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9339 15f04e 9338->9339 9339->9297 9339->9312 9342 15b55e __strnicoll MultiByteToWideChar 9340->9342 9340->9348 9345 15f9b2 9342->9345 9343->9340 9343->9348 9344 15fb04 9346 15b43d __freea 14 API calls 9344->9346 9345->9344 9347 15b3b5 __strnicoll 15 API calls 9345->9347 9345->9348 9349 15f9d9 __alloca_probe_16 9345->9349 9346->9348 9347->9349 9348->9338 9348->9341 9349->9344 9350 15b55e __strnicoll MultiByteToWideChar 9349->9350 9351 15fa25 9350->9351 9351->9344 9352 15b55e __strnicoll MultiByteToWideChar 9351->9352 9353 15fa41 9352->9353 9353->9344 9354 15fa4f 9353->9354 9355 15fab2 9354->9355 9357 15b3b5 __strnicoll 15 API calls 9354->9357 9360 15fa68 __alloca_probe_16 9354->9360 9356 15b43d __freea 14 API calls 9355->9356 9358 15fab8 9356->9358 9357->9360 9359 
15b43d __freea 14 API calls 9358->9359 9359->9348 9360->9355 9361 15b55e __strnicoll MultiByteToWideChar 9360->9361 9362 15faab 9361->9362 9362->9355 9363 15fad4 9362->9363 9369 1591b0 9363->9369 9366 15b43d __freea 14 API calls 9367 15faf4 9366->9367 9368 15b43d __freea 14 API calls 9367->9368 9368->9348 9370 159638 __strnicoll 5 API calls 9369->9370 9371 1591bb 9370->9371 9372 1593b4 __strnicoll 5 API calls 9371->9372 9374 1591c1 9371->9374 9373 159201 CompareStringW 9372->9373 9373->9374 9374->9366 9376 15edc3 9375->9376 9377 15edd8 HeapSize 9375->9377 9378 15aec7 __dosmaperr 14 API calls 9376->9378 9377->9240 9379 15edc8 9378->9379 9380 15786b __strnicoll 39 API calls 9379->9380 9381 15edd3 9380->9381 9381->9240 9383 15ee03 9382->9383 9384 15edf8 9382->9384 9386 15ee0b 9383->9386 9392 15ee14 _unexpected 9383->9392 9385 15b3b5 __strnicoll 15 API calls 9384->9385 9390 15ee00 9385->9390 9387 15a83b ___free_lconv_mon 14 API calls 9386->9387 9387->9390 9388 15ee3e HeapReAlloc 9388->9390 9388->9392 9389 15ee19 9391 15aec7 __dosmaperr 14 API calls 9389->9391 9390->9244 9391->9390 9392->9388 9392->9389 9393 156d13 _unexpected 2 API calls 9392->9393 9393->9392 9395 15a038 __strnicoll 39 API calls 9394->9395 9396 15b9f6 9395->9396 9397 15ba08 9396->9397 9402 159191 9396->9402 9399 15ba7c 9397->9399 9408 15bc52 9399->9408 9405 15961e 9402->9405 9406 159599 _unexpected 5 API calls 9405->9406 9407 159199 9406->9407 9407->9397 9409 15bc60 9408->9409 9410 15bc7a 9408->9410 9426 15ba62 9409->9426 9412 15bc81 9410->9412 9413 15bca0 9410->9413 9417 15ba94 9412->9417 9430 15ba23 9412->9430 9414 15b55e __strnicoll MultiByteToWideChar 9413->9414 9416 15bcaf 9414->9416 9418 15bcb6 GetLastError 9416->9418 9420 15bcdc 9416->9420 9422 15ba23 15 API calls 9416->9422 9417->9250 9417->9251 9435 15aeed 9418->9435 9420->9417 9423 15b55e __strnicoll MultiByteToWideChar 9420->9423 9422->9420 9425 15bcf3 9423->9425 9424 15aec7 __dosmaperr 14 API calls 9424->9417 9425->9417 9425->9418 9427 
15ba6d 9426->9427 9428 15ba75 9426->9428 9429 15a83b ___free_lconv_mon 14 API calls 9427->9429 9428->9417 9429->9428 9431 15ba62 14 API calls 9430->9431 9432 15ba31 9431->9432 9440 15b9c5 9432->9440 9443 15aeda 9435->9443 9437 15aef8 __dosmaperr 9438 15aec7 __dosmaperr 14 API calls 9437->9438 9439 15af0b 9438->9439 9439->9424 9441 15b3b5 __strnicoll 15 API calls 9440->9441 9442 15b9d2 9441->9442 9442->9417 9444 1598d8 __dosmaperr 14 API calls 9443->9444 9445 15aedf 9444->9445 9445->9437 9447 151ca1 9446->9447 9456 153c1a 9447->9456 9449 151cd1 9470 151dc0 9449->9470 9455 151d52 9455->8417 9458 153c1f 9456->9458 9459 153c39 9458->9459 9460 156d13 _unexpected 2 API calls 9458->9460 9462 153c3b std::_Throw_Cpp_error 9458->9462 9490 157e10 9458->9490 9459->9449 9460->9458 9461 15449e std::_Throw_Cpp_error 9463 15556e std::_Throw_Cpp_error RaiseException 9461->9463 9462->9461 9497 15556e 9462->9497 9465 1544bb IsProcessorFeaturePresent 9463->9465 9467 1544d1 9465->9467 9500 1545b7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9467->9500 9469 1545b4 9469->9449 9501 1532d0 9470->9501 9472 151d00 9473 151e00 9472->9473 9474 151e1e 9473->9474 9475 151e32 GetCurrentThreadId 9474->9475 9476 153e7f std::_Throw_Cpp_error 42 API calls 9474->9476 9477 151e4d 9475->9477 9478 151e59 9475->9478 9476->9475 9479 153e7f std::_Throw_Cpp_error 42 API calls 9477->9479 9825 15442d WaitForSingleObjectEx 9478->9825 9479->9478 9482 151e98 9484 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9482->9484 9483 153e7f std::_Throw_Cpp_error 42 API calls 9483->9482 9485 151d2c 9484->9485 9485->9455 9486 151ed0 9485->9486 9487 151edf 9486->9487 9488 151ee7 9487->9488 9831 157eab 9487->9831 9488->9455 9495 15b3b5 _unexpected 9490->9495 9491 15b3f3 9493 15aec7 __dosmaperr 14 API calls 9491->9493 9492 15b3de RtlAllocateHeap 9494 15b3f1 9492->9494 9492->9495 9493->9494 9494->9458 9495->9491 9495->9492 9496 156d13 _unexpected 2 API calls 
9495->9496 9496->9495 9498 1555b6 RaiseException 9497->9498 9499 155588 9497->9499 9498->9461 9499->9498 9500->9469 9511 153400 9501->9511 9503 153327 9518 1567f4 9503->9518 9505 153379 9506 1533a0 9505->9506 9507 153393 9505->9507 9537 153e7f 9506->9537 9533 1535c0 9507->9533 9510 15339b 9510->9472 9512 153c1a std::_Throw_Cpp_error 21 API calls 9511->9512 9513 153449 9512->9513 9543 153650 9513->9543 9519 156815 9518->9519 9520 156801 9518->9520 9561 156885 9519->9561 9522 15aec7 __dosmaperr 14 API calls 9520->9522 9524 156806 9522->9524 9526 15786b __strnicoll 39 API calls 9524->9526 9525 15682a CreateThread 9527 156849 GetLastError 9525->9527 9531 156855 9525->9531 9578 15690c 9525->9578 9528 156811 9526->9528 9529 15aeed __dosmaperr 14 API calls 9527->9529 9528->9505 9529->9531 9570 1568d5 9531->9570 9534 1535ec 9533->9534 9535 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9534->9535 9536 1535f9 9535->9536 9536->9510 9538 153e95 std::_Throw_Cpp_error 9537->9538 9704 1540a7 9538->9704 9552 153700 9543->9552 9546 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9547 153473 9546->9547 9548 1536b0 9547->9548 9549 1536e0 9548->9549 9550 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9549->9550 9551 15348b 9550->9551 9551->9503 9557 153760 9552->9557 9554 153733 9555 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9554->9555 9556 15368c 9555->9556 9556->9546 9558 153789 9557->9558 9559 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9558->9559 9560 1537a7 9559->9560 9560->9554 9562 15af77 _unexpected 14 API calls 9561->9562 9563 156896 9562->9563 9564 15a83b ___free_lconv_mon 14 API calls 9563->9564 9565 1568a3 9564->9565 9566 1568c7 9565->9566 9567 1568aa GetModuleHandleExW 9565->9567 9568 1568d5 16 API calls 9566->9568 9567->9566 9569 156821 9568->9569 9569->9525 9569->9531 9571 1568e1 9570->9571 9577 156860 9570->9577 9572 1568e7 
CloseHandle 9571->9572 9573 1568f0 9571->9573 9572->9573 9574 1568f6 FreeLibrary 9573->9574 9575 1568ff 9573->9575 9574->9575 9576 15a83b ___free_lconv_mon 14 API calls 9575->9576 9576->9577 9577->9505 9579 156918 ___scrt_is_nonwritable_in_current_image 9578->9579 9580 15692c 9579->9580 9581 15691f GetLastError ExitThread 9579->9581 9582 159787 _unexpected 39 API calls 9580->9582 9583 156931 9582->9583 9594 15b0e6 9583->9594 9586 156948 9598 1534c0 9586->9598 9588 156964 9608 156877 9588->9608 9595 15b0f6 _unexpected 9594->9595 9596 15693c 9594->9596 9595->9596 9611 15948e 9595->9611 9596->9586 9605 1593e5 9596->9605 9599 1536b0 5 API calls 9598->9599 9600 153502 std::_Throw_Cpp_error 9599->9600 9614 153820 9600->9614 9604 153552 9604->9588 9606 159599 _unexpected 5 API calls 9605->9606 9607 159401 9606->9607 9607->9586 9692 15698a 9608->9692 9612 159599 _unexpected 5 API calls 9611->9612 9613 1594aa 9612->9613 9613->9596 9625 151930 9614->9625 9617 15432f GetCurrentThreadId 9679 1543f0 9617->9679 9619 1543d0 9620 1546d7 ReleaseSRWLockExclusive 9619->9620 9621 1543da 9620->9621 9621->9604 9623 15436c 9623->9619 9685 1546d7 9623->9685 9688 154822 WakeAllConditionVariable 9623->9688 9645 151770 GetPEB 9625->9645 9627 151971 9646 1511d0 9627->9646 9630 1519f0 GetFileSize 9631 151a17 CloseHandle 9630->9631 9633 151a30 9630->9633 9644 1519e6 9631->9644 9632 151aec 9632->9617 9635 151a4a ReadFile 9633->9635 9634 151bc8 9652 1517e0 9634->9652 9638 151acd CloseHandle 9635->9638 9639 151a8c 9635->9639 9638->9644 9640 151ab4 CloseHandle 9639->9640 9642 151a9e 9639->9642 9640->9644 9642->9640 9644->9632 9644->9634 9667 151360 9644->9667 9671 151000 9644->9671 9675 151430 9644->9675 9645->9627 9648 151251 9646->9648 9647 151360 std::_Throw_Cpp_error 42 API calls 9647->9648 9648->9647 9649 151000 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9648->9649 9650 151430 39 API calls 9648->9650 9651 151303 CreateFileA 
9648->9651 9649->9648 9650->9648 9651->9630 9651->9644 9653 1511d0 42 API calls 9652->9653 9654 151843 FreeConsole 9653->9654 9655 1514a0 20 API calls 9654->9655 9656 151870 9655->9656 9657 1514a0 20 API calls 9656->9657 9658 1518aa 9657->9658 9659 1511d0 42 API calls 9658->9659 9660 1518bf VirtualProtect 9659->9660 9662 151906 9660->9662 9663 151911 9660->9663 9664 1517a0 ExitProcess 9662->9664 9665 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9663->9665 9664->9663 9666 151920 9665->9666 9666->9632 9668 1513a8 std::_Throw_Cpp_error 9667->9668 9669 153120 std::_Throw_Cpp_error 42 API calls 9668->9669 9670 1513e3 9669->9670 9670->9644 9672 151032 9671->9672 9673 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9672->9673 9674 15117a 9673->9674 9674->9644 9676 15146a 9675->9676 9677 152f00 std::_Throw_Cpp_error 39 API calls 9676->9677 9678 151473 9677->9678 9678->9644 9689 1546c6 9679->9689 9681 1543f9 9682 153e7f std::_Throw_Cpp_error 42 API calls 9681->9682 9683 15440d 9681->9683 9684 154416 9682->9684 9683->9623 9686 1546e4 ReleaseSRWLockExclusive 9685->9686 9687 1546f2 9685->9687 9686->9687 9687->9623 9688->9623 9690 1546f6 12 API calls 9689->9690 9691 1546d3 9690->9691 9691->9681 9693 1598d8 __dosmaperr 14 API calls 9692->9693 9694 156995 9693->9694 9695 1569d7 ExitThread 9694->9695 9697 1569ae 9694->9697 9701 159420 9694->9701 9698 1569c1 9697->9698 9699 1569ba CloseHandle 9697->9699 9698->9695 9700 1569cd FreeLibraryAndExitThread 9698->9700 9699->9698 9700->9695 9702 159599 _unexpected 5 API calls 9701->9702 9703 159439 9702->9703 9703->9697 9705 1540b3 __EH_prolog3_GS 9704->9705 9706 151360 std::_Throw_Cpp_error 42 API calls 9705->9706 9707 1540c7 9706->9707 9714 153fe4 9707->9714 9734 153d75 9714->9734 9721 152f00 std::_Throw_Cpp_error 39 API calls 9722 15402d 9721->9722 9723 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9722->9723 9724 15404c 9723->9724 9725 152f00 9724->9725 
9726 152f24 std::_Throw_Cpp_error 9725->9726 9728 152f34 std::_Throw_Cpp_error 9726->9728 9813 152fd0 9726->9813 9729 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9728->9729 9730 152f9e 9729->9730 9731 1546b7 9730->9731 9732 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9731->9732 9733 1546c1 9732->9733 9733->9733 9735 153d98 9734->9735 9756 154160 9735->9756 9737 153da3 9738 153f71 9737->9738 9739 153f7d __EH_prolog3_GS 9738->9739 9741 153f9c std::_Throw_Cpp_error 9739->9741 9779 153dab 9739->9779 9742 153dab std::_Throw_Cpp_error 42 API calls 9741->9742 9743 153fc1 9742->9743 9744 152f00 std::_Throw_Cpp_error 39 API calls 9743->9744 9745 153fc9 9744->9745 9783 151f40 9745->9783 9748 152f00 std::_Throw_Cpp_error 39 API calls 9749 153fdc 9748->9749 9750 1546b7 std::_Throw_Cpp_error 5 API calls 9749->9750 9751 153fe3 9750->9751 9752 153e0f 9751->9752 9753 153e22 9752->9753 9802 153c9c 9753->9802 9757 154173 9756->9757 9758 1541cc 9756->9758 9763 15417d std::_Throw_Cpp_error 9757->9763 9765 152d10 9757->9765 9776 152c90 9758->9776 9763->9737 9766 152d3e std::_Throw_Cpp_error 9765->9766 9767 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9766->9767 9768 152d9d 9767->9768 9769 152360 9768->9769 9770 15237f 9769->9770 9775 152373 9769->9775 9771 15238c 9770->9771 9772 15239f 9770->9772 9774 1523c0 std::_Throw_Cpp_error 42 API calls 9771->9774 9773 152430 std::_Throw_Cpp_error 21 API calls 9772->9773 9773->9775 9774->9775 9775->9763 9777 1542ba std::_Xinvalid_argument 41 API calls 9776->9777 9778 152ca2 9777->9778 9780 153dfa 9779->9780 9782 153dc5 std::_Throw_Cpp_error 9779->9782 9787 1541d2 9780->9787 9782->9741 9784 151f82 std::_Throw_Cpp_error 9783->9784 9798 152090 9784->9798 9788 1541f6 9787->9788 9789 15429c 9787->9789 9790 152d10 std::_Throw_Cpp_error 5 API calls 9788->9790 9791 152c90 std::_Throw_Cpp_error 41 API calls 9789->9791 9792 154208 9790->9792 9793 1542a1 9791->9793 9794 
152360 std::_Throw_Cpp_error 42 API calls 9792->9794 9795 154213 std::_Throw_Cpp_error 9794->9795 9796 152b30 std::_Throw_Cpp_error 39 API calls 9795->9796 9797 154267 std::_Throw_Cpp_error 9795->9797 9796->9797 9797->9782 9799 1520d5 std::_Throw_Cpp_error 9798->9799 9800 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9799->9800 9801 151fc1 9800->9801 9801->9748 9805 155b4b 9802->9805 9806 155b58 9805->9806 9812 153cc8 9805->9812 9807 157e10 ___std_exception_copy 15 API calls 9806->9807 9806->9812 9808 155b75 9807->9808 9809 155b85 9808->9809 9810 158dbc ___std_exception_copy 39 API calls 9808->9810 9811 157df5 ___std_exception_copy 14 API calls 9809->9811 9810->9809 9811->9812 9812->9721 9816 153020 9813->9816 9819 152b30 9816->9819 9820 152b65 std::_Throw_Cpp_error 9819->9820 9821 152b53 9819->9821 9823 153c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9820->9823 9822 152b90 std::_Throw_Cpp_error 39 API calls 9821->9822 9822->9820 9824 152b81 9823->9824 9824->9728 9826 154444 9825->9826 9827 151e83 9825->9827 9828 154461 CloseHandle 9826->9828 9829 15444b GetExitCodeThread 9826->9829 9827->9482 9827->9483 9828->9827 9829->9827 9830 15445c 9829->9830 9830->9828 9832 157eb7 ___scrt_is_nonwritable_in_current_image 9831->9832 9833 159787 _unexpected 39 API calls 9832->9833 9836 157ebc 9833->9836 9834 157da6 CallUnexpected 39 API calls 9835 157ee6 9834->9835 9836->9834 9838 156b59 9837->9838 9846 156b6a 9837->9846 9839 154fd4 _unexpected GetModuleHandleW 9838->9839 9841 156b5e 9839->9841 9841->9846 9848 156a60 GetModuleHandleExW 9841->9848 9843 156a18 9843->8396 9853 156cc6 9846->9853 9849 156a9f GetProcAddress 9848->9849 9850 156ab3 9848->9850 9849->9850 9851 156ac6 FreeLibrary 9850->9851 9852 156acf 9850->9852 9851->9852 9852->9846 9854 156cd2 ___scrt_is_nonwritable_in_current_image 9853->9854 9868 1596f8 EnterCriticalSection 9854->9868 9856 156cdc 9869 156bc3 9856->9869 9858 156ce9 9873 156d07 9858->9873 9861 
156afb 9898 156ae2 9861->9898 9863 156b05 9864 156b19 9863->9864 9865 156b09 GetCurrentProcess TerminateProcess 9863->9865 9866 156a60 _unexpected 3 API calls 9864->9866 9865->9864 9867 156b21 ExitProcess 9866->9867 9868->9856 9871 156bcf ___scrt_is_nonwritable_in_current_image _unexpected 9869->9871 9870 156c33 _unexpected 9870->9858 9871->9870 9876 15726d 9871->9876 9897 15970f LeaveCriticalSection 9873->9897 9875 156ba2 9875->9843 9875->9861 9877 157279 __EH_prolog3 9876->9877 9880 1574f8 9877->9880 9879 1572a0 _unexpected 9879->9870 9881 157504 ___scrt_is_nonwritable_in_current_image 9880->9881 9888 1596f8 EnterCriticalSection 9881->9888 9883 157512 9889 1573c3 9883->9889 9888->9883 9890 1573da 9889->9890 9891 1573e2 9889->9891 9893 157547 9890->9893 9891->9890 9892 15a83b ___free_lconv_mon 14 API calls 9891->9892 9892->9890 9896 15970f LeaveCriticalSection 9893->9896 9895 157530 9895->9879 9896->9895 9897->9875 9901 15b0bf 9898->9901 9900 156ae7 _unexpected 9900->9863 9902 15b0ce _unexpected 9901->9902 9903 15b0db 9902->9903 9905 15944e 9902->9905 9903->9900 9906 159599 _unexpected 5 API calls 9905->9906 9907 15946a 9906->9907 9907->9903 9909 1565a4 9908->9909 9910 1565b6 ___scrt_uninitialize_crt 9908->9910 9911 1565b2 9909->9911 9913 15ac17 9909->9913 9910->8434 9911->8434 9916 15ad42 9913->9916 9919 15ae1b 9916->9919 9920 15ae27 ___scrt_is_nonwritable_in_current_image 9919->9920 9927 1596f8 EnterCriticalSection 9920->9927 9922 15ae9d 9936 15aebb 9922->9936 9923 15ae31 ___scrt_uninitialize_crt 9923->9922 9928 15ad8f 9923->9928 9927->9923 9929 15ad9b ___scrt_is_nonwritable_in_current_image 9928->9929 9939 156616 EnterCriticalSection 9929->9939 9931 15adde 9953 15ae0f 9931->9953 9932 15ada5 ___scrt_uninitialize_crt 9932->9931 9940 15ac20 9932->9940 10052 15970f LeaveCriticalSection 9936->10052 9938 15ac1e 9938->9911 9939->9932 9941 15ac35 __strnicoll 9940->9941 9942 15ac47 9941->9942 9943 15ac3c 9941->9943 9956 15ac85 9942->9956 9944 15ad42 
___scrt_uninitialize_crt 68 API calls 9943->9944 9952 15ac42 9944->9952 9947 157ad9 __strnicoll 39 API calls 9948 15ac7f 9947->9948 9948->9931 9950 15ac68 9969 15d7df 9950->9969 9952->9947 10051 15662a LeaveCriticalSection 9953->10051 9955 15adfd 9955->9923 9957 15ac9e 9956->9957 9961 15ac51 9956->9961 9958 15d0a3 ___scrt_uninitialize_crt 39 API calls 9957->9958 9957->9961 9959 15acba 9958->9959 9980 15db1a 9959->9980 9961->9952 9962 15d0a3 9961->9962 9963 15d0c4 9962->9963 9964 15d0af 9962->9964 9963->9950 9965 15aec7 __dosmaperr 14 API calls 9964->9965 9966 15d0b4 9965->9966 9967 15786b __strnicoll 39 API calls 9966->9967 9968 15d0bf 9967->9968 9968->9950 9970 15d7f0 9969->9970 9971 15d7fd 9969->9971 9972 15aec7 __dosmaperr 14 API calls 9970->9972 9973 15d846 9971->9973 9975 15d824 9971->9975 9979 15d7f5 9972->9979 9974 15aec7 __dosmaperr 14 API calls 9973->9974 9976 15d84b 9974->9976 10021 15d85c 9975->10021 9978 15786b __strnicoll 39 API calls 9976->9978 9978->9979 9979->9952 9983 15db26 ___scrt_is_nonwritable_in_current_image 9980->9983 9981 15db2e 9981->9961 9982 15db67 9984 157a14 __strnicoll 29 API calls 9982->9984 9983->9981 9983->9982 9985 15dbad 9983->9985 9984->9981 9991 15d047 EnterCriticalSection 9985->9991 9987 15dbb3 9988 15dbd1 9987->9988 9992 15d8fe 9987->9992 10018 15dc23 9988->10018 9991->9987 9993 15d926 9992->9993 10007 15d949 ___scrt_uninitialize_crt 9992->10007 9994 15d92a 9993->9994 9996 15d985 9993->9996 9995 157a14 __strnicoll 29 API calls 9994->9995 9995->10007 9997 15d9a3 9996->9997 9998 15f111 ___scrt_uninitialize_crt 41 API calls 9996->9998 9999 15dc2b ___scrt_uninitialize_crt 40 API calls 9997->9999 9998->9997 10000 15d9b5 9999->10000 10001 15da02 10000->10001 10002 15d9bb 10000->10002 10003 15da16 10001->10003 10004 15da6b WriteFile 10001->10004 10005 15d9c3 10002->10005 10006 15d9ea 10002->10006 10010 15da57 10003->10010 10011 15da1e 10003->10011 10004->10007 10008 15da8d GetLastError 10004->10008 10005->10007 10015 15e06f 
___scrt_uninitialize_crt 6 API calls 10005->10015 10009 15dca8 ___scrt_uninitialize_crt 45 API calls 10006->10009 10007->9988 10008->10007 10009->10007 10012 15e0d7 ___scrt_uninitialize_crt 7 API calls 10010->10012 10013 15da43 10011->10013 10014 15da23 10011->10014 10012->10007 10016 15e29b ___scrt_uninitialize_crt 8 API calls 10013->10016 10014->10007 10017 15e1b2 ___scrt_uninitialize_crt 7 API calls 10014->10017 10015->10007 10016->10007 10017->10007 10019 15d06a ___scrt_uninitialize_crt LeaveCriticalSection 10018->10019 10020 15dc29 10019->10020 10020->9981 10022 15d868 ___scrt_is_nonwritable_in_current_image 10021->10022 10034 15d047 EnterCriticalSection 10022->10034 10024 15d877 10032 15d8bc 10024->10032 10035 15cdfe 10024->10035 10026 15aec7 __dosmaperr 14 API calls 10028 15d8c3 10026->10028 10027 15d8a3 FlushFileBuffers 10027->10028 10029 15d8af GetLastError 10027->10029 10048 15d8f2 10028->10048 10030 15aeda __dosmaperr 14 API calls 10029->10030 10030->10032 10032->10026 10034->10024 10036 15ce20 10035->10036 10037 15ce0b 10035->10037 10040 15aeda __dosmaperr 14 API calls 10036->10040 10042 15ce45 10036->10042 10038 15aeda __dosmaperr 14 API calls 10037->10038 10039 15ce10 10038->10039 10041 15aec7 __dosmaperr 14 API calls 10039->10041 10043 15ce50 10040->10043 10045 15ce18 10041->10045 10042->10027 10044 15aec7 __dosmaperr 14 API calls 10043->10044 10046 15ce58 10044->10046 10045->10027 10047 15786b __strnicoll 39 API calls 10046->10047 10047->10045 10049 15d06a ___scrt_uninitialize_crt LeaveCriticalSection 10048->10049 10050 15d8db 10049->10050 10050->9979 10051->9955 10052->9938

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,0016A11B,0016A10B), ref: 0016A33F
                                                                • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0016A352
                                                                • Wow64GetThreadContext.KERNEL32(000000FC,00000000), ref: 0016A370
                                                                • ReadProcessMemory.KERNELBASE(00000100,?,0016A15F,00000004,00000000), ref: 0016A394
                                                                • VirtualAllocEx.KERNELBASE(00000100,?,?,00003000,00000040), ref: 0016A3BF
                                                                • WriteProcessMemory.KERNELBASE(00000100,00000000,?,?,00000000,?), ref: 0016A417
                                                                • WriteProcessMemory.KERNELBASE(00000100,00400000,?,?,00000000,?,00000028), ref: 0016A462
                                                                • WriteProcessMemory.KERNELBASE(00000100,?,?,00000004,00000000), ref: 0016A4A0
                                                                • Wow64SetThreadContext.KERNEL32(000000FC,013D0000), ref: 0016A4DC
                                                                • ResumeThread.KERNELBASE(000000FC), ref: 0016A4EB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011685207.000000000016A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000000.00000002.2011642770.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011671915.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011715778.000000000016B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011746244.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011805247.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                • API String ID: 2687962208-3857624555
                                                                • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                • Instruction ID: 5b63dbf06dbd9185936153c867414a58519ee099e1af87d2d57e8b9fb563929a
                                                                • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                • Instruction Fuzzy Hash: FFB1F97664064AAFDB60CF68CC80BDA73A5FF88714F158124EA0CAB341D774FA51CB94

                                                                Control-flow Graph

                                                                APIs
                                                                • __alloca_probe_16.LIBCMT ref: 0015D5AA
                                                                • __alloca_probe_16.LIBCMT ref: 0015D673
                                                                • __freea.LIBCMT ref: 0015D6DA
                                                                  • Part of subcall function 0015B3B5: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00153C34,?,?,00152442,00001000,?,001523AA), ref: 0015B3E7
                                                                • __freea.LIBCMT ref: 0015D6ED
                                                                • __freea.LIBCMT ref: 0015D6FA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000000.00000002.2011642770.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011671915.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011685207.000000000016A000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011715778.000000000016B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011746244.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011805247.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                • String ID: o]\^
                                                                • API String ID: 1423051803-3166235393
                                                                • Opcode ID: 16e5a71ddf46e9a842967b07dab544345ceda89b9cfb0306044750497682d3f9
                                                                • Instruction ID: 7af75b38530b62b3acfcce6219ac3fc428279bf55bdd3c92306fe759e24bd10b
                                                                • Opcode Fuzzy Hash: 16e5a71ddf46e9a842967b07dab544345ceda89b9cfb0306044750497682d3f9
                                                                • Instruction Fuzzy Hash: 1051BF72600246EFEB359F64EC81DAB3AA9EB54716B1A0029FC38DE141EB71CC19C761

                                                                Control-flow Graph

                                                                control_flow_graph 95 1594ce-1594da 96 15956c-15956f 95->96 97 159575 96->97 98 1594df-1594f0 96->98 99 159577-15957b 97->99 100 1594f2-1594f5 98->100 101 1594fd-159516 LoadLibraryExW 98->101 102 159595-159597 100->102 103 1594fb 100->103 104 15957c-15958c 101->104 105 159518-159521 GetLastError 101->105 102->99 107 159569 103->107 104->102 106 15958e-15958f FreeLibrary 104->106 108 159523-159535 call 15b403 105->108 109 15955a-159567 105->109 106->102 107->96 108->109 112 159537-159549 call 15b403 108->112 109->107 112->109 115 15954b-159558 LoadLibraryExW 112->115 115->104 115->109
                                                                APIs
                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,5E5C5D6F,?,001595DD,?,?,00000000), ref: 0015958F
                                                                Strings
                                                                Similarity
                                                                • API ID: FreeLibrary
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3664257935-537541572
                                                                • Opcode ID: 7affb6c59a394bdbbf6f5f3616ab0a2aa38e90e5278069716d4f614a12a0c980
                                                                • Instruction ID: acd7f4008ea39d60b9136434c343c7033cda25d9e0e72691c37dd796aa33edfe
                                                                • Opcode Fuzzy Hash: 7affb6c59a394bdbbf6f5f3616ab0a2aa38e90e5278069716d4f614a12a0c980
                                                                • Instruction Fuzzy Hash: DF213D71A11211E7CB228724EC40A5A37689B557A2F150112FD26EF2D0FB70EE59C6D1

                                                                Control-flow Graph

                                                                control_flow_graph 116 151930-1519e0 call 151770 call 1511d0 CreateFileA 121 1519e6-1519eb 116->121 122 1519f0-151a11 GetFileSize 116->122 123 151ae1-151ae6 121->123 124 151a17-151a2b CloseHandle 122->124 125 151a30-151a86 call 153c80 ReadFile 122->125 126 151af1-151b2e 123->126 127 151aec 123->127 124->123 138 151acd-151add CloseHandle 125->138 139 151a8c-151a98 125->139 130 151b35-151b3c 126->130 129 151bdb-151bf5 127->129 133 151b42-151b8a call 151360 call 151000 call 151430 130->133 134 151bc8-151bd6 call 1517e0 130->134 152 151b95-151bab 133->152 153 151b90 133->153 134->129 138->123 142 151ab4-151ac8 CloseHandle 139->142 143 151a9e-151aaf call 153c89 139->143 142->123 143->142 154 151bb0-151bc3 152->154 153->154 154->130
                                                                APIs
                                                                Similarity
                                                                • API ID: File$CloseCreateHandleSize
                                                                • String ID:
                                                                • API String ID: 1378416451-0
                                                                • Opcode ID: f7e7d1c7febc28ae0117fa80e1e9ec53522b4cfb9b5be72e2d9f7f13c097d2e4
                                                                • Instruction ID: 22b242a1e22839720b0eaf758c1ac9a999af9b4dfa29b11b4b7790ffa4b11c61
                                                                • Opcode Fuzzy Hash: f7e7d1c7febc28ae0117fa80e1e9ec53522b4cfb9b5be72e2d9f7f13c097d2e4
                                                                • Instruction Fuzzy Hash: 0281F1B4D09248EFCB05DFA8D584BAEBBF0BF09305F104929E865AB381D7749948CF56

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ConsoleFreeProtectVirtual
                                                                • String ID: @$o]\^
                                                                • API String ID: 621788221-388437526
                                                                • Opcode ID: bfeffa24c65ec418c67f9feb1749f4b4ea723f9be89ae00844834e58ffd366df
                                                                • Instruction ID: def4d87e15a59e94998dea7a5079ce6971965a1656b6356f3f6db67979aab156
                                                                • Opcode Fuzzy Hash: bfeffa24c65ec418c67f9feb1749f4b4ea723f9be89ae00844834e58ffd366df
                                                                • Instruction Fuzzy Hash: D031A2B0904208EFDB04DFA9D98979EBBF0BF48319F518429E858AB350D7749988CF95

                                                                Control-flow Graph

                                                                control_flow_graph 171 15a0ba-15a0e2 call 15a2bf 174 15a2a7-15a2a8 call 15a330 171->174 175 15a0e8-15a0ee 171->175 180 15a2ad-15a2af 174->180 176 15a0f1-15a0f7 175->176 178 15a1f3-15a212 call 156360 176->178 179 15a0fd-15a109 176->179 190 15a215-15a21a 178->190 179->176 182 15a10b-15a111 179->182 181 15a2b0-15a2be call 153c8e 180->181 185 15a117-15a123 IsValidCodePage 182->185 186 15a1eb-15a1ee 182->186 185->186 189 15a129-15a130 185->189 186->181 191 15a152-15a15f GetCPInfo 189->191 192 15a132-15a13e 189->192 193 15a257-15a261 190->193 194 15a21c-15a221 190->194 197 15a161-15a180 call 156360 191->197 198 15a1df-15a1e5 191->198 196 15a142-15a14d 192->196 193->190 195 15a263-15a28d call 15a60b 193->195 199 15a254 194->199 200 15a223-15a22b 194->200 211 15a28e-15a29d 195->211 204 15a29f-15a2a0 call 15a649 196->204 197->196 213 15a182-15a189 197->213 198->174 198->186 199->193 201 15a22d-15a230 200->201 202 15a24c-15a252 200->202 206 15a232-15a238 201->206 202->194 202->199 212 15a2a5 204->212 206->202 210 15a23a-15a24a 206->210 210->202 210->206 211->204 211->211 212->180 214 15a1b5-15a1b8 213->214 215 15a18b-15a190 213->215 216 15a1bd-15a1c4 214->216 215->214 217 15a192-15a19a 215->217 216->216 220 15a1c6-15a1da call 15a60b 216->220 218 15a1ad-15a1b3 217->218 219 15a19c-15a1a3 217->219 218->214 218->215 221 15a1a4-15a1ab 219->221 220->196 221->218 221->221
                                                                APIs
                                                                  • Part of subcall function 0015A2BF: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 0015A2EA
                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,0015A4CA,?,00000000,?,00000000,?), ref: 0015A11B
                                                                • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,0015A4CA,?,00000000,?,00000000,?), ref: 0015A157
                                                                Strings
                                                                Similarity
                                                                • API ID: CodeInfoPageValid
                                                                • String ID: o]\^
                                                                • API String ID: 546120528-3166235393
                                                                • Opcode ID: 177b144db294362f7009cbe35344f7cd89d9d9319f7458ea037b0e23e343e13a
                                                                • Instruction ID: ecab91cafea9dbb5558f2c7b6abe9132cb00faaef375f898ab6744d22dfd736f
                                                                • Opcode Fuzzy Hash: 177b144db294362f7009cbe35344f7cd89d9d9319f7458ea037b0e23e343e13a
                                                                • Instruction Fuzzy Hash: B8516930980744CFDB21CF75C8826AABBF5FF51301F58426ED8A68F241D7759949CB52

                                                                Control-flow Graph

                                                                control_flow_graph 224 153c1a-153c1d 225 153c2c-153c2f call 157e10 224->225 227 153c34-153c37 225->227 228 153c1f-153c2a call 156d13 227->228 229 153c39-153c3a 227->229 228->225 232 153c3b-153c3f 228->232 233 153c45-15449e call 1542a2 call 15556e 232->233 234 15449f-1544cf call 152480 call 15556e IsProcessorFeaturePresent 232->234 233->234 245 1544d6-1545b6 call 1545b7 234->245 246 1544d1-1544d4 234->246 246->245
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 001544C7
                                                                • ___raise_securityfailure.LIBCMT ref: 001545AF
                                                                  • Part of subcall function 0015556E: RaiseException.KERNEL32(E06D7363,00000001,00000003,001544BB,?,?,?,?,001544BB,00001000,0016875C,00001000), ref: 001555CF
                                                                Strings
                                                                Similarity
                                                                • API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
                                                                • String ID: o]\^
                                                                • API String ID: 3749517692-3166235393
                                                                • Opcode ID: 65181ebc723c8622509563488e4b038c08c851bd228eb458aaa477a7fca3cae3
                                                                • Instruction ID: eed3bc63a6e2304f1f7503e33e15f55cf7f1453e1e5174ece64d72008b57509b
                                                                • Opcode Fuzzy Hash: 65181ebc723c8622509563488e4b038c08c851bd228eb458aaa477a7fca3cae3
                                                                • Instruction Fuzzy Hash: 7C313D75508209EBD704EF55FDA665977E8BB08314F10452EE924DBAA0EBF0A9C4CB84

                                                                Control-flow Graph

                                                                control_flow_graph 249 1567f4-1567ff 250 156815-156828 call 156885 249->250 251 156801-156814 call 15aec7 call 15786b 249->251 256 156856 250->256 257 15682a-156847 CreateThread 250->257 261 156858-156864 call 1568d5 256->261 259 156865-15686a 257->259 260 156849-156855 GetLastError call 15aeed 257->260 265 156871-156875 259->265 266 15686c-15686f 259->266 260->256 265->261 266->265
                                                                APIs
                                                                • CreateThread.KERNELBASE(001534C0,?,Function_0000690C,00000000,?,001534C0), ref: 0015683D
                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,00153379), ref: 00156849
                                                                • __dosmaperr.LIBCMT ref: 00156850
                                                                Similarity
                                                                • API ID: CreateErrorLastThread__dosmaperr
                                                                • String ID:
                                                                • API String ID: 2744730728-0
                                                                • Opcode ID: 41719979759048b2b9f3000f1a78727d34b278a1e603e4ca4fbe12dd6bdf65b6
                                                                • Instruction ID: 0efdb691b782424f0cb87dd59a380c9601ce726a5cfb8f89b4c306191563e4d4
                                                                • Opcode Fuzzy Hash: 41719979759048b2b9f3000f1a78727d34b278a1e603e4ca4fbe12dd6bdf65b6
                                                                • Instruction Fuzzy Hash: A5018C72900219EFDF059FA0DC06AAE7BA9EF10366F404158FC219B190DB71CD58DBE1

                                                                Control-flow Graph

                                                                control_flow_graph 269 15a649-15a66b 270 15a671-15a683 GetCPInfo 269->270 271 15a77d-15a7a3 269->271 270->271 272 15a689-15a690 270->272 273 15a7a8-15a7ad 271->273 274 15a692-15a69c 272->274 275 15a7b7-15a7bd 273->275 276 15a7af-15a7b5 273->276 274->274 280 15a69e-15a6b1 274->280 278 15a7bf-15a7c2 275->278 279 15a7c9 275->279 277 15a7c5-15a7c7 276->277 281 15a7cb-15a7dd 277->281 278->277 279->281 282 15a6d2-15a6d4 280->282 281->273 283 15a7df-15a7ed call 153c8e 281->283 284 15a6d6-15a70d call 15b45d call 15d4dc 282->284 285 15a6b3-15a6ba 282->285 295 15a712-15a740 call 15d4dc 284->295 288 15a6c9-15a6cb 285->288 291 15a6cd-15a6d0 288->291 292 15a6bc-15a6be 288->292 291->282 292->291 294 15a6c0-15a6c8 292->294 294->288 298 15a742-15a74d 295->298 299 15a74f-15a759 298->299 300 15a75b-15a75e 298->300 301 15a76e-15a779 299->301 302 15a760-15a76a 300->302 303 15a76c 300->303 301->298 304 15a77b 301->304 302->301 303->301 304->283
                                                                APIs
                                                                • GetCPInfo.KERNEL32(00000083,?,00000005,0015A4CA,?), ref: 0015A67B
                                                                Strings
                                                                Similarity
                                                                • API ID: Info
                                                                • String ID: o]\^
                                                                • API String ID: 1807457897-3166235393
                                                                • Opcode ID: c1312fda3f59b1f986b2bc739247e0ae9bc0f9594c0d1b0374bf943ae4bbe185
                                                                • Instruction ID: 9ed6d649b0f1c643a4cad99a6c39c2dcaa95d7f7ff166ec7a690e6c6aa5d8e41
                                                                • Opcode Fuzzy Hash: c1312fda3f59b1f986b2bc739247e0ae9bc0f9594c0d1b0374bf943ae4bbe185
                                                                • Instruction Fuzzy Hash: 675149B1504158DEDB118E28CD94BE9BB7CEF19300F5402E9E8A9CB182D3369E8DDF61

                                                                Control-flow Graph

                                                                control_flow_graph 305 159599-1595c3 306 1595c5-1595c7 305->306 307 1595c9-1595cb 305->307 308 15961a-15961d 306->308 309 1595d1-1595d8 call 1594ce 307->309 310 1595cd-1595cf 307->310 312 1595dd-1595e1 309->312 310->308 313 159600-159617 312->313 314 1595e3-1595f1 GetProcAddress 312->314 316 159619 313->316 314->313 315 1595f3-1595fe call 1565f7 314->315 315->316 316->308
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: o]\^
                                                                • API String ID: 0-3166235393
                                                                • Opcode ID: e69a63c7a56d0eba899ec3847bf09e35db446328f3274c37b19b0d2abe443c9f
                                                                • Instruction ID: ce1d0e59ee22a3f4ce22739b5b697f64681f5c6cd1f0ab73c395887445076a49
                                                                • Opcode Fuzzy Hash: e69a63c7a56d0eba899ec3847bf09e35db446328f3274c37b19b0d2abe443c9f
                                                                • Instruction Fuzzy Hash: E8012433254214EF8B068F68ED80A1A33B5FBC132136A4125FD20DF494EB30D898DB86

                                                                Control-flow Graph

                                                                control_flow_graph 319 1517a0-1517d5 ExitProcess
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ExitProcess
                                                                • String ID: o]\^
                                                                • API String ID: 621844428-3166235393

                                                                Control-flow Graph

                                                                • Nodes 321-340 (159eac-159f5b); API calls: GetStdHandle (node 331, 159ef6-159f03), GetFileType (node 336, 159f09-159f12)
                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00159D9B,001690B8,0000000C), ref: 00159EF8
                                                                • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00159D9B,001690B8,0000000C), ref: 00159F0A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: FileHandleType
                                                                • String ID:
                                                                • API String ID: 3000768030-0

                                                                APIs
                                                                • GetLastError.KERNEL32(00168D78,0000000C), ref: 0015691F
                                                                • ExitThread.KERNEL32 ref: 00156926
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorExitLastThread
                                                                • String ID:
                                                                • API String ID: 1611280651-0

                                                                Control-flow Graph

                                                                • Nodes 361-369 (159357-1593b1); API calls: LCMapStringEx (node 365, 159368-15938d), LCMapStringW (node 364, 15938f-1593a9)
                                                                APIs
                                                                • LCMapStringEx.KERNELBASE(?,0015D615,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 0015938B
                                                                • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,0015D615,?,?,-00000008,?,00000000), ref: 001593A9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: String
                                                                • String ID:
                                                                • API String ID: 2568140703-0

                                                                Control-flow Graph

                                                                • Nodes 370-373 (15a83b-15a874); API calls: RtlFreeHeap (node 371, 15a846-15a859), GetLastError (node 373, 15a85b-15a872)
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,0015B3A9,?,00000000,?,?,0015B2C5,?,00000007,?,?,0015B8DE,?,?), ref: 0015A851
                                                                • GetLastError.KERNEL32(?,?,0015B3A9,?,00000000,?,?,0015B2C5,?,00000007,?,?,0015B8DE,?,?), ref: 0015A85C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 485612231-0
                                                                APIs
                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 001533B3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: Cpp_errorThrow_std::_
                                                                • String ID:
                                                                • API String ID: 2134207285-0
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00153C34,?,?,00152442,00001000,?,001523AA), ref: 0015B3E7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                APIs
                                                                • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0015C03B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: FileFindFirst
                                                                • String ID: o]\^
                                                                • API String ID: 1974802433-3166235393
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 001579C4
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 001579CE
                                                                • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 001579DB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID: o]\^
                                                                • API String ID: 3906539128-3166235393
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00155033
                                                                • IsDebuggerPresent.KERNEL32 ref: 001550FF
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00155118
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00155122
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                • String ID:
                                                                • API String ID: 254469556-0
                                                                APIs
                                                                • GetSystemTimePreciseAsFileTime.KERNEL32(?,00154844,?,?,?,?,00154868,000000FF,?,?,?,00154780,00000000), ref: 0015490B
                                                                • GetSystemTimeAsFileTime.KERNEL32(?,5E5C5D6F,?,?,00161B3D,000000FF,?,00154844,?,?,?,?,00154868,000000FF,?), ref: 0015490F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: Time$FileSystem$Precise
                                                                • String ID: o]\^
                                                                • API String ID: 743729956-3166235393
                                                                APIs
                                                                  • Part of subcall function 0015AF77: HeapAlloc.KERNEL32(00000008,?,?,?,001597D4,00000001,00000364,?,00000002,000000FF,?,00156931,00168D78,0000000C), ref: 0015AFB8
                                                                • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0015C03B
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0015C12F
                                                                • FindClose.KERNEL32(00000000), ref: 0015C16E
                                                                • FindClose.KERNEL32(00000000), ref: 0015C1A1
                                                                Similarity
                                                                • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                • String ID: o]\^
                                                                • API String ID: 2701053895-3166235393
                                                                APIs
                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0016149D,?,?,00000008,?,?,0016106F,00000000), ref: 0016176F
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID:
                                                                • API String ID: 3997070919-0
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0015524B
                                                                Similarity
                                                                • API ID: FeaturePresentProcessor
                                                                • String ID:
                                                                • API String ID: 2325560087-0
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0000513C,00154ACD), ref: 00155020
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID: o]\^
                                                                • API String ID: 0-3166235393
                                                                APIs
                                                                Similarity
                                                                • API ID: HeapProcess
                                                                • String ID:
                                                                • API String ID: 54951025-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • GetCPInfo.KERNEL32(01580560,01580560,00000000,7FFFFFFF,?,0015F863,01580560,01580560,00000000,01580560,?,?,?,?,01580560,00000000), ref: 0015F91E
                                                                • __alloca_probe_16.LIBCMT ref: 0015F9D9
                                                                • __alloca_probe_16.LIBCMT ref: 0015FA68
                                                                • __freea.LIBCMT ref: 0015FAB3
                                                                • __freea.LIBCMT ref: 0015FAB9
                                                                • __freea.LIBCMT ref: 0015FAEF
                                                                • __freea.LIBCMT ref: 0015FAF5
                                                                • __freea.LIBCMT ref: 0015FB05
                                                                Similarity
                                                                • API ID: __freea$__alloca_probe_16$Info
                                                                • String ID: o]\^
                                                                • API String ID: 127012223-3166235393
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 00155CB7
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00155CBF
                                                                • _ValidateLocalCookies.LIBCMT ref: 00155D48
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00155D73
                                                                • _ValidateLocalCookies.LIBCMT ref: 00155DC8
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: csm$o]\^
                                                                • API String ID: 1170836740-2445782091
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 0015470A
                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00161B20,000000FF,?,00153552), ref: 00154729
                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00161B20,000000FF,?,00153552), ref: 00154757
                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00161B20,000000FF,?,00153552), ref: 001547B2
                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00161B20,000000FF,?,00153552), ref: 001547C9
                                                                Similarity
                                                                • API ID: AcquireExclusiveLock$CurrentThread
                                                                • String ID: o]\^
                                                                • API String ID: 66001078-3166235393
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5E5C5D6F,?,?,00000000,00161B77,000000FF,?,00156B21,00000002,?,00156BBD,00157DE9), ref: 00156A95
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00156AA7
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000,00161B77,000000FF,?,00156B21,00000002,?,00156BBD,00157DE9), ref: 00156AC9
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll$o]\^
                                                                • API String ID: 4061214504-1772416451
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 001548A5
                                                                • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 001548B3
                                                                • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 001548C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule
                                                                • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                • API String ID: 667068680-1047828073
                                                                APIs
                                                                • GetConsoleOutputCP.KERNEL32(5E5C5D6F,00000000,00000000,?), ref: 0015DD0B
                                                                  • Part of subcall function 0015C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0015D6D0,?,00000000,-00000008), ref: 0015C902
                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0015DF5D
                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0015DFA3
                                                                • GetLastError.KERNEL32 ref: 0015E046
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                • String ID: o]\^
                                                                • API String ID: 2112829910-3166235393
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00157F40,00155A6B,00155180), ref: 00157F57
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00157F65
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00157F7E
                                                                • SetLastError.KERNEL32(00000000,00157F40,00155A6B,00155180), ref: 00157FD0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                APIs
                                                                • type_info::operator==.LIBVCRUNTIME ref: 001588F8
                                                                • CallUnexpected.LIBVCRUNTIME ref: 00158B71
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: CallUnexpectedtype_info::operator==
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 2673424686-393685449
                                                                Strings
                                                                • C:\Users\user\Desktop\drop1.exe, xrefs: 0015C2E0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: C:\Users\user\Desktop\drop1.exe
                                                                • API String ID: 0-1358265949
                                                                APIs
                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00151E2D
                                                                • GetCurrentThreadId.KERNEL32 ref: 00151E3B
                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00151E54
                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00151E93
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                • String ID: o]\^
                                                                • API String ID: 2261580123-3166235393
                                                                APIs
                                                                • __alloca_probe_16.LIBCMT ref: 0015B4CF
                                                                • GetStringTypeW.KERNEL32(?,-00000008,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,00000083), ref: 0015B527
                                                                • __freea.LIBCMT ref: 0015B534
                                                                  • Part of subcall function 0015B3B5: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00153C34,?,?,00152442,00001000,?,001523AA), ref: 0015B3E7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: AllocateHeapStringType__alloca_probe_16__freea
                                                                • String ID: o]\^
                                                                • API String ID: 2035984020-3166235393
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0015C20D
                                                                • GetLastError.KERNEL32 ref: 0015C217
                                                                • __dosmaperr.LIBCMT ref: 0015C21E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorFileLastModuleName__dosmaperr
                                                                • String ID: o]\^
                                                                • API String ID: 4076908705-3166235393
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0015D29C,00000000,?,0016B728,?,?,?,0015D1D3,00000004,InitializeCriticalSectionEx,00163740,00163748), ref: 0015D20D
                                                                • GetLastError.KERNEL32(?,0015D29C,00000000,?,0016B728,?,?,?,0015D1D3,00000004,InitializeCriticalSectionEx,00163740,00163748,00000000,?,00158E2C), ref: 0015D217
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0015D23F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID: api-ms-
                                                                • API String ID: 3177248105-2084034818
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1740715915-0
                                                                APIs
                                                                  • Part of subcall function 0015C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0015D6D0,?,00000000,-00000008), ref: 0015C902
                                                                • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,0015C0CE,?,?,?,00000000), ref: 0015BD8C
                                                                • __dosmaperr.LIBCMT ref: 0015BD93
                                                                • GetLastError.KERNEL32(00000000,0015C0CE,?,?,00000000,?,?,?,00000000,00000000,?,0015C0CE,?,?,?,00000000), ref: 0015BDCD
                                                                • __dosmaperr.LIBCMT ref: 0015BDD4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000000.00000002.2011642770.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011671915.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011685207.000000000016A000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011715778.000000000016B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011746244.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2011805247.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 1913693674-0
                                                                • Opcode ID: 768dce0a0226fb928dabc562debb6f9c58838720252145585697f8109234f09a
                                                                • Instruction ID: 9347f97cb91ecc8e2d2ee2db85261ec645f27f5f25303bc3bd947c7335166cf6
                                                                • Opcode Fuzzy Hash: 768dce0a0226fb928dabc562debb6f9c58838720252145585697f8109234f09a
                                                                • Instruction Fuzzy Hash: 61217171608206EFDB20AFA588D196AB7B9EF5436A7108518FC399F150D774EC488B91
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 0015C9A5
                                                                  • Part of subcall function 0015C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0015D6D0,?,00000000,-00000008), ref: 0015C902
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0015C9DD
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0015C9FD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 158306478-0
                                                                • Opcode ID: 3b393c431af804323b168bbcdb940bb0afa7689bdf38004d0c4e6f9dfdb279b2
                                                                • Instruction ID: 61fb07344a6766c9f179a02fa4b707177df91b9cfc7cbaf258909519d9eb56a4
                                                                • Opcode Fuzzy Hash: 3b393c431af804323b168bbcdb940bb0afa7689bdf38004d0c4e6f9dfdb279b2
                                                                • Instruction Fuzzy Hash: 7A11E1E1905319FE6611ABB19C89CAF2D6CDEA47AB3500425FC21EA140FBA08D4982F1
                                                                APIs
                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000), ref: 0015FD17
                                                                • GetLastError.KERNEL32(?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000,?,?,?,0015D9E0,00000000), ref: 0015FD23
                                                                  • Part of subcall function 0015FD74: CloseHandle.KERNEL32(FFFFFFFE,0015FD33,?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000,?,?), ref: 0015FD84
                                                                • ___initconout.LIBCMT ref: 0015FD33
                                                                  • Part of subcall function 0015FD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0015FCF1,0015F48E,?,?,0015E09A,?,00000000,00000000,?), ref: 0015FD68
                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000,?), ref: 0015FD48
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                • String ID:
                                                                • API String ID: 2744216297-0
                                                                • Opcode ID: 5567f1d2d1a8a3bc1b502ed934ac26cfb4ab25ef10b84a11c24360233e18c84b
                                                                • Instruction ID: c8c94e792dd0bf8339a0d14af09ad6adc9404ad4d47833385aa0d533ac4c98cf
                                                                • Opcode Fuzzy Hash: 5567f1d2d1a8a3bc1b502ed934ac26cfb4ab25ef10b84a11c24360233e18c84b
                                                                • Instruction Fuzzy Hash: 37F0C036540116FBCF221FD5DC0CA9A3F36FF093A2B444524FE199A530DBB288A5AB91
                                                                APIs
                                                                • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00154F13
                                                                • GetCurrentThreadId.KERNEL32 ref: 00154F22
                                                                • GetCurrentProcessId.KERNEL32 ref: 00154F2B
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00154F38
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 7b954de386896378882926df1ed635ae4a85ae26c6936cf0850de0c5f5163c1b
                                                                • Instruction ID: 3f68e3fad3b23c1d2f4848b9fae4bb3875d810951dc8425136ebcd35a99a0fda
                                                                • Opcode Fuzzy Hash: 7b954de386896378882926df1ed635ae4a85ae26c6936cf0850de0c5f5163c1b
                                                                • Instruction Fuzzy Hash: 4DF06274D1020DEBCB00DBF4DA49A9EBBF4FF1C205B914A95E412E7510EB70AB889B51
                                                                APIs
                                                                • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00158AFE,?,?,00000000,00000000,00000000,?), ref: 00158C22
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: EncodePointer
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2118026453-2084237596
                                                                • Opcode ID: 5f7981c4fa009a6a7a456f0bba9998c476e7e2e7dc7ee1180df25607619372b3
                                                                • Instruction ID: 6fe9471d616c4e11f3ecdf86c0b1150bcf293f23e1d70f62b4fc71075624e3e3
                                                                • Opcode Fuzzy Hash: 5f7981c4fa009a6a7a456f0bba9998c476e7e2e7dc7ee1180df25607619372b3
                                                                • Instruction Fuzzy Hash: E6417671900209EFCF15DF98C881AEEBBB5BF18305F184159FD25BA291D735AA54CB60
                                                                APIs
                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,0015DA55,00000000,0015AE95,?,00000000,?,00000000,00000000,00000000,?,?), ref: 0015E384
                                                                • GetLastError.KERNEL32(0015DA55,00000000,0015AE95,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,0015AC51,?), ref: 0015E3B4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: o]\^
                                                                • API String ID: 442123175-3166235393
                                                                • Opcode ID: 7237bb3f3961c07c2bc859a5e3a13726d47f502221e6cf5510e545824eec499c
                                                                • Instruction ID: 5cb5cabd2c3c7c3d99e1d5443d108718da2a41ccdd816d2d1aeed979155fd2a1
                                                                • Opcode Fuzzy Hash: 7237bb3f3961c07c2bc859a5e3a13726d47f502221e6cf5510e545824eec499c
                                                                • Instruction Fuzzy Hash: F6318371B00219EFDB28CF69DC91AEAB7F9BB44311F1444A9E915DB290D770EE848B60
                                                                APIs
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 001586E0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ___except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3493665558-3733052814
                                                                • Opcode ID: 9e6b565f10564cbc0613981958a1e449d96bfa85ca6e174167199685a1563d02
                                                                • Instruction ID: f5d700c8c68a8129b56df9c1a780eb9cfd2526b1aee7ef211b0c1cf052c6799d
                                                                • Opcode Fuzzy Hash: 9e6b565f10564cbc0613981958a1e449d96bfa85ca6e174167199685a1563d02
                                                                • Instruction Fuzzy Hash: B131B036400219DBCF269F50CC449AA7BA6FF0C317B38455AFD646D221DB32CCA9DB91
                                                                APIs
                                                                • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,0015DA3E,00000000,0015AE95,?,00000000,?,00000000), ref: 0015E25C
                                                                • GetLastError.KERNEL32(?,0015DA3E,00000000,0015AE95,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,0015AC51), ref: 0015E282
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: o]\^
                                                                • API String ID: 442123175-3166235393
                                                                • Opcode ID: 1e5253bb5f8ed0ba813c0172b5948714b772f70331498fee0b251b9d81136c3b
                                                                • Instruction ID: ff3bc77c0fb3c831fff1eb1e15642df910083a212c074d8e4a816a072fe2e59b
                                                                • Opcode Fuzzy Hash: 1e5253bb5f8ed0ba813c0172b5948714b772f70331498fee0b251b9d81136c3b
                                                                • Instruction Fuzzy Hash: 72219171E00218DBCB28CF19DC809AAB3F9EF48315F1444AAED19DB250D7309E85CF90
                                                                APIs
                                                                • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,0015DA69,00000000,0015AE95,?,00000000,?,00000000), ref: 0015E173
                                                                • GetLastError.KERNEL32(?,0015DA69,00000000,0015AE95,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,0015AC51), ref: 0015E199
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: o]\^
                                                                • API String ID: 442123175-3166235393
                                                                • Opcode ID: e227e23a095440df3f68802e697218ac18ba66ce20672f52d9fdc41ba94ff530
                                                                • Instruction ID: b343edaec57606f52c3d5333c698c998f9543c5544f89994a653983c6aa3f80b
                                                                • Opcode Fuzzy Hash: e227e23a095440df3f68802e697218ac18ba66ce20672f52d9fdc41ba94ff530
                                                                • Instruction Fuzzy Hash: 91218075A00218DBCB19CF29DDD09E9B7F9EB4C306F1444AAED16DB211D7309E8A8F60
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 001544C7
                                                                • ___raise_securityfailure.LIBCMT ref: 001545AF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2011655984.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                Similarity
                                                                • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                • String ID: o]\^
                                                                • API String ID: 3761405300-3166235393
                                                                • Opcode ID: 1745e7e1a9880204a2a4f2beae0bef462cca9df768711bb21a531daea7c018a4
                                                                • Instruction ID: 04a738d5a184fac84fa8f6dc8320cb8ff270a1ae0d7927797f7273a59040e9f1
                                                                • Opcode Fuzzy Hash: 1745e7e1a9880204a2a4f2beae0bef462cca9df768711bb21a531daea7c018a4
                                                                • Instruction Fuzzy Hash: 1C21D8B5549208EAD700DF58FDA6A593BE4BB08304F10812EE908CABB0E7F4A9C48F45

                                                                Execution Graph

                                                                Execution Coverage:10.4%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:1.5%
                                                                Total number of Nodes:1808
                                                                Total number of Limit Nodes:86
57080->57133 57082 44ecc8 57149 4abbf5 57082->57149 57084 44ecfd 57084->57073 57085->57074 57087 44d3fb 57086->57087 57089 44d495 57087->57089 57090 44d43f 57087->57090 57092 44d5f6 57087->57092 57114 44d633 error_info_injector 57087->57114 57088 4abbf5 CatchGuardHandler 5 API calls 57091 44d694 57088->57091 57093 44d69d 57089->57093 57094 44d4aa 57089->57094 57109 44d4b6 57089->57109 57090->57093 57095 44d463 57090->57095 57115 44d46f 57090->57115 57091->57074 57096 44d655 57092->57096 57097 44d660 57092->57097 57098 44d61a 57092->57098 57099 44d64a 57092->57099 57092->57114 57207 449730 41 API calls 57093->57207 57194 452540 41 API calls 2 library calls 57094->57194 57192 452540 41 API calls 2 library calls 57095->57192 57187 44d060 57096->57187 57200 454ec0 57097->57200 57198 452630 41 API calls error_info_injector 57098->57198 57199 44de70 41 API calls error_info_injector 57099->57199 57104 44d5e4 57197 44de70 41 API calls error_info_injector 57104->57197 57118 44d490 57109->57118 57195 451c60 41 API calls 57109->57195 57113 44aa40 41 API calls 57113->57118 57114->57088 57115->57118 57193 451c60 41 API calls 57115->57193 57116 451c60 41 API calls 57116->57118 57118->57104 57118->57113 57118->57116 57196 452630 41 API calls error_info_injector 57118->57196 57121 4abc0d 57119->57121 57122 4abc27 57121->57122 57124 4abc29 57121->57124 57156 497e9c 57121->57156 57172 4a6cfd EnterCriticalSection LeaveCriticalSection std::_Facet_Register 57121->57172 57122->57080 57125 434f80 Concurrency::cancel_current_task 57124->57125 57126 4abc33 Concurrency::cancel_current_task 57124->57126 57163 4afa0c RaiseException 57125->57163 57173 4afa0c RaiseException 57126->57173 57129 434f9c 57164 4ad3de 57129->57164 57130 4acede 57134 44bafc 57133->57134 57135 44bbae 57134->57135 57140 44bb0d 57134->57140 57180 4350b0 57135->57180 57136 44bb12 __Strxfrm 57136->57082 57138 44bbb3 57183 434f80 41 API calls 2 library calls 57138->57183 57140->57136 57141 44bb3a 57140->57141 57144 44bb82 
57140->57144 57145 44bb79 57140->57145 57142 4abc08 std::_Facet_Register 41 API calls 57141->57142 57143 44bb4d 57142->57143 57143->57136 57184 497d39 41 API calls 2 library calls 57143->57184 57147 4abc08 std::_Facet_Register 41 API calls 57144->57147 57145->57138 57145->57141 57147->57136 57150 4abbfe IsProcessorFeaturePresent 57149->57150 57151 4abbfd 57149->57151 57153 4ac011 57150->57153 57151->57084 57186 4abfd4 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 57153->57186 57155 4ac0f4 57155->57084 57161 49d15a _strftime 57156->57161 57157 49d198 57175 4950d4 14 API calls __dosmaperr 57157->57175 57158 49d183 RtlAllocateHeap 57160 49d196 57158->57160 57158->57161 57160->57121 57161->57157 57161->57158 57174 4a6cfd EnterCriticalSection LeaveCriticalSection std::_Facet_Register 57161->57174 57163->57129 57165 4ad3eb 57164->57165 57171 434ff6 57164->57171 57166 497e9c ___std_exception_copy 15 API calls 57165->57166 57165->57171 57167 4ad408 57166->57167 57170 4ad418 57167->57170 57176 49826d 41 API calls 2 library calls 57167->57176 57177 497357 57170->57177 57171->57080 57172->57121 57173->57130 57174->57161 57175->57160 57176->57170 57178 49c0bd ___free_lconv_mon 14 API calls 57177->57178 57179 49736f 57178->57179 57179->57171 57185 4b9061 41 API calls 2 library calls 57180->57185 57183->57143 57186->57155 57188 44d0a8 error_info_injector 57187->57188 57189 44d08d 57187->57189 57188->57114 57189->57188 57208 497d39 41 API calls 2 library calls 57189->57208 57192->57115 57193->57115 57194->57109 57195->57109 57196->57118 57197->57092 57198->57114 57199->57114 57201 454eeb 57200->57201 57202 454f08 error_info_injector 57200->57202 57201->57202 57209 497d39 41 API calls 2 library calls 57201->57209 57202->57114 57210 486f20 GetCurrentHwProfileW 57211 487050 57210->57211 57212 486f94 57210->57212 57233 4517f0 57211->57233 57222 47a340 57212->57222 57215 48704e 57219 4abbf5 CatchGuardHandler 5 API calls 57215->57219 57216 
486fa2 57217 486ffb 57216->57217 57232 49054d 45 API calls 57216->57232 57218 44d060 41 API calls 57217->57218 57218->57215 57220 48709c 57219->57220 57223 47a3b5 57222->57223 57224 47a394 57222->57224 57248 43fda0 57223->57248 57225 4abbf5 CatchGuardHandler 5 API calls 57224->57225 57227 47a426 57225->57227 57227->57216 57228 47a3e9 57253 47a430 43 API calls CatchGuardHandler 57228->57253 57230 47a3fa 57254 44cfd0 57230->57254 57232->57216 57234 4518bd 57233->57234 57239 451810 57233->57239 57235 4350b0 41 API calls 57234->57235 57237 4518c2 57235->57237 57236 451844 57241 4abc08 std::_Facet_Register 41 API calls 57236->57241 57260 434f80 41 API calls 2 library calls 57237->57260 57239->57236 57240 451815 __Strxfrm 57239->57240 57243 451883 57239->57243 57244 45188c 57239->57244 57240->57215 57242 451857 57241->57242 57242->57240 57261 497d39 41 API calls 2 library calls 57242->57261 57243->57236 57243->57237 57245 4abc08 std::_Facet_Register 41 API calls 57244->57245 57245->57240 57249 43fe3f 57248->57249 57252 43fdbf __Strxfrm 57248->57252 57250 4350b0 41 API calls 57249->57250 57251 43fe44 57250->57251 57252->57228 57253->57230 57255 44cffd 57254->57255 57256 44d01e error_info_injector 57254->57256 57255->57256 57259 497d39 41 API calls 2 library calls 57255->57259 57256->57224 57260->57242 57262 459bad 57358 460ac0 57262->57358 57264 45a514 57486 4540f0 57264->57486 57266 44d060 41 API calls 57268 45a508 57266->57268 57267 45a523 57269 4abbf5 CatchGuardHandler 5 API calls 57267->57269 57270 44d060 41 API calls 57268->57270 57271 45a53d 57269->57271 57270->57264 57272 455090 43 API calls 57290 459bca 57272->57290 57273 459d7e 57374 455090 57273->57374 57274 459a9e 57278 455090 43 API calls 57274->57278 57276 45a060 57280 4517f0 41 API calls 57276->57280 57277 459fb4 57281 4517f0 41 API calls 57277->57281 57323 4599f3 57278->57323 57284 45a084 57280->57284 57285 459fd8 57281->57285 57282 459d92 57388 4632d0 57282->57388 57283 45a1b8 57287 4517f0 41 API calls 
57283->57287 57288 4543f0 46 API calls 57284->57288 57401 4543f0 57285->57401 57292 45a1dc 57287->57292 57294 45a09c 57288->57294 57290->57272 57290->57273 57290->57274 57290->57276 57290->57277 57296 45c700 41 API calls 57290->57296 57348 45a057 57290->57348 57291 459da8 57298 455090 43 API calls 57291->57298 57299 4543f0 46 API calls 57292->57299 57293 4517f0 41 API calls 57300 45a47a 57293->57300 57301 459790 41 API calls 57294->57301 57296->57290 57304 459db8 57298->57304 57305 45a1f4 57299->57305 57306 4543f0 46 API calls 57300->57306 57302 45a0c1 57301->57302 57307 454730 46 API calls 57302->57307 57309 459dc4 57304->57309 57310 45a10c 57304->57310 57311 459790 41 API calls 57305->57311 57312 45a492 57306->57312 57314 45a0d6 57307->57314 57317 455090 43 API calls 57309->57317 57316 4517f0 41 API calls 57310->57316 57318 45a219 57311->57318 57313 459790 41 API calls 57312->57313 57319 45a4b7 57313->57319 57320 45a590 41 API calls 57314->57320 57322 45a130 57316->57322 57317->57323 57324 454730 46 API calls 57318->57324 57326 454730 46 API calls 57319->57326 57327 45a0e5 57320->57327 57329 4543f0 46 API calls 57322->57329 57323->57293 57325 45a22e 57324->57325 57330 45a590 41 API calls 57325->57330 57331 45a4cc 57326->57331 57332 44d060 41 API calls 57327->57332 57334 45a148 57329->57334 57335 45a23d 57330->57335 57336 45a590 41 API calls 57331->57336 57337 45a0f4 57332->57337 57333 44d060 41 API calls 57338 45a048 57333->57338 57339 459790 41 API calls 57334->57339 57340 44d060 41 API calls 57335->57340 57341 45a4db 57336->57341 57342 438d50 14 API calls 57337->57342 57481 438d50 57338->57481 57344 45a16d 57339->57344 57346 45a24c 57340->57346 57347 44d060 41 API calls 57341->57347 57342->57348 57345 454730 46 API calls 57344->57345 57349 45a182 57345->57349 57350 438d50 14 API calls 57346->57350 57351 45a4ea 57347->57351 57348->57264 57348->57266 57352 45a590 41 API calls 57349->57352 57350->57348 57353 438d50 14 API calls 57351->57353 57354 45a191 
57352->57354 57353->57348 57355 44d060 41 API calls 57354->57355 57356 45a1a0 57355->57356 57357 438d50 14 API calls 57356->57357 57357->57348 57359 460b97 57358->57359 57360 460b0c 57358->57360 57362 460c12 57359->57362 57363 460b9f 57359->57363 57361 44d3b0 41 API calls 57360->57361 57367 460b3c 57361->57367 57366 44d3b0 41 API calls 57362->57366 57364 460bf0 57363->57364 57365 460bb0 57363->57365 57491 468060 41 API calls 2 library calls 57364->57491 57368 44d3b0 41 API calls 57365->57368 57370 460c42 57366->57370 57371 44d3b0 41 API calls 57367->57371 57373 460b8d 57368->57373 57372 44d3b0 41 API calls 57370->57372 57371->57373 57372->57373 57373->57290 57375 4550aa 57374->57375 57379 4550cb 57374->57379 57492 456790 57375->57492 57376 456790 43 API calls 57376->57379 57379->57376 57382 4550d2 57379->57382 57387 455124 57379->57387 57380 456790 43 API calls 57381 4550bd 57380->57381 57381->57382 57383 456790 43 API calls 57381->57383 57384 4abbf5 CatchGuardHandler 5 API calls 57382->57384 57383->57379 57385 4553ab 57384->57385 57385->57282 57385->57283 57386 456790 43 API calls 57386->57387 57387->57382 57387->57386 57389 46330e 57388->57389 57390 46336e 57389->57390 57391 46341a 57389->57391 57397 463342 57389->57397 57393 4abc08 std::_Facet_Register 41 API calls 57390->57393 57641 4351b0 41 API calls 57391->57641 57395 46338f 57393->57395 57396 44bad0 41 API calls 57395->57396 57398 4633ae 57396->57398 57397->57291 57618 44ca70 57398->57618 57400 4633c5 57400->57291 57402 4517f0 41 API calls 57401->57402 57403 454470 57402->57403 57404 4544b3 57403->57404 57649 457160 41 API calls 57403->57649 57406 4544c0 57404->57406 57655 4520f0 57404->57655 57410 4544ff 57406->57410 57416 454559 57406->57416 57407 454499 57650 44b9d0 57407->57650 57412 454730 46 API calls 57410->57412 57411 4544a7 57413 44d060 41 API calls 57411->57413 57414 45450f 57412->57414 57413->57404 57670 45a6d0 41 API calls 57414->57670 57416->57416 57419 4545bc 57416->57419 57671 4516d0 
57416->57671 57417 454532 57418 44b9d0 41 API calls 57417->57418 57421 454541 57418->57421 57422 4520f0 41 API calls 57419->57422 57424 4545d2 __Strxfrm 57419->57424 57423 44d060 41 API calls 57421->57423 57422->57424 57430 45454d 57423->57430 57686 44b960 57424->57686 57426 45460a 57428 44b9d0 41 API calls 57426->57428 57427 44d060 41 API calls 57431 45462f 57427->57431 57428->57430 57429 45470c 57441 459790 57429->57441 57430->57427 57431->57429 57432 45469e 57431->57432 57433 4516d0 41 API calls 57431->57433 57434 4520f0 41 API calls 57432->57434 57435 4546b4 __Strxfrm 57432->57435 57433->57432 57434->57435 57436 44b960 41 API calls 57435->57436 57437 4546ef 57436->57437 57438 44b9d0 41 API calls 57437->57438 57439 4546fa 57438->57439 57440 44d060 41 API calls 57439->57440 57440->57429 57442 459817 57441->57442 57443 4517f0 41 API calls 57441->57443 57695 438b10 57442->57695 57443->57442 57446 4517f0 41 API calls 57447 459855 57446->57447 57714 438780 57447->57714 57452 44d060 41 API calls 57453 459894 57452->57453 57454 44d060 41 API calls 57453->57454 57455 4598a0 57454->57455 57456 44d060 41 API calls 57455->57456 57457 4598af 57456->57457 57458 44d060 41 API calls 57457->57458 57459 4598c9 57458->57459 57750 4386d0 57459->57750 57462 44d060 41 API calls 57463 45990a 57462->57463 57464 4abbf5 CatchGuardHandler 5 API calls 57463->57464 57465 459924 57464->57465 57466 454730 57465->57466 57467 454833 57466->57467 57471 4547c2 57466->57471 57468 4abbf5 CatchGuardHandler 5 API calls 57467->57468 57469 45484c 57468->57469 57474 45a590 57469->57474 57471->57467 57472 451e50 41 API calls 57471->57472 57473 44b960 41 API calls 57471->57473 57761 434bc0 46 API calls 57471->57761 57472->57471 57473->57471 57475 45a039 57474->57475 57476 45a5a8 57474->57476 57475->57333 57762 44d1a0 41 API calls 57476->57762 57478 45a5b3 57763 4afa0c RaiseException 57478->57763 57480 45a5c1 57764 4ad441 57481->57764 57484 4ad441 ___std_exception_destroy 14 API calls 57485 438db1 
57484->57485 57485->57348 57487 45413b error_info_injector 57486->57487 57488 45411b 57486->57488 57487->57267 57488->57487 57768 497d39 41 API calls 2 library calls 57488->57768 57491->57373 57493 4567ac 57492->57493 57494 4567a6 57492->57494 57496 4567c0 57493->57496 57500 449e50 57493->57500 57495 4550af 57494->57495 57516 460310 57494->57516 57495->57379 57495->57380 57496->57494 57550 436640 57496->57550 57501 449e88 57500->57501 57503 449ef4 57501->57503 57504 449edc 57501->57504 57510 449e93 57501->57510 57502 4abbf5 CatchGuardHandler 5 API calls 57506 44a052 57502->57506 57505 494a65 43 API calls 57503->57505 57559 494a65 57504->57559 57514 449f2a __Strxfrm 57505->57514 57506->57496 57508 44a027 57509 44d060 41 API calls 57508->57509 57509->57510 57510->57502 57512 44a06b 57512->57508 57594 497466 43 API calls 4 library calls 57512->57594 57514->57508 57514->57512 57515 494a65 43 API calls 57514->57515 57579 451e50 57514->57579 57515->57514 57517 4604af 57516->57517 57518 46035f 57516->57518 57612 449730 41 API calls 57517->57612 57520 460379 57518->57520 57522 4603d4 57518->57522 57523 4603c4 57518->57523 57527 46038c __Strxfrm 57518->57527 57525 4abc08 std::_Facet_Register 41 API calls 57520->57525 57521 4604b4 57613 434f80 41 API calls 2 library calls 57521->57613 57526 4abc08 std::_Facet_Register 41 API calls 57522->57526 57523->57520 57523->57521 57525->57527 57526->57527 57530 460463 error_info_injector 57527->57530 57614 497d39 41 API calls 2 library calls 57527->57614 57530->57495 57551 436662 57550->57551 57552 43665a 57550->57552 57551->57494 57554 436672 57552->57554 57615 4afa0c RaiseException 57552->57615 57616 436560 41 API calls 57554->57616 57556 4366a8 57617 4afa0c RaiseException 57556->57617 57558 4366b7 std::ios_base::_Ios_base_dtor 57558->57494 57560 494a71 __FrameHandler3::FrameUnwindToState 57559->57560 57561 494a7b 57560->57561 57562 494a93 57560->57562 57603 4950d4 14 API calls __dosmaperr 57561->57603 57595 494ce8 
EnterCriticalSection 57562->57595 57565 494a80 57604 497d29 41 API calls __wsopen_s 57565->57604 57566 494a9e 57568 498cea __fread_nolock 41 API calls 57566->57568 57571 494ab6 57566->57571 57568->57571 57569 494b1e 57605 4950d4 14 API calls __dosmaperr 57569->57605 57570 494b46 57596 494a29 57570->57596 57571->57569 57571->57570 57574 494b4c 57607 494b76 LeaveCriticalSection __fread_nolock 57574->57607 57575 494b23 57606 497d29 41 API calls __wsopen_s 57575->57606 57578 494a8b 57578->57510 57580 451e74 57579->57580 57581 451f7a 57579->57581 57585 451e8a 57580->57585 57586 451ee8 57580->57586 57587 451edb 57580->57587 57591 451e9a __Strxfrm 57580->57591 57582 4350b0 41 API calls 57581->57582 57583 451f7f 57582->57583 57610 434f80 41 API calls 2 library calls 57583->57610 57588 4abc08 std::_Facet_Register 41 API calls 57585->57588 57589 4abc08 std::_Facet_Register 41 API calls 57586->57589 57587->57583 57587->57585 57588->57591 57589->57591 57593 451f3c error_info_injector __Strxfrm 57591->57593 57611 497d39 41 API calls 2 library calls 57591->57611 57593->57514 57594->57512 57595->57566 57597 494a4a __fread_nolock 57596->57597 57598 494a35 57596->57598 57597->57574 57608 4950d4 14 API calls __dosmaperr 57598->57608 57600 494a3a 57609 497d29 41 API calls __wsopen_s 57600->57609 57602 494a45 57602->57574 57603->57565 57604->57578 57605->57575 57606->57578 57607->57578 57608->57600 57609->57602 57610->57591 57613->57527 57615->57554 57616->57556 57617->57558 57619 44cc1d 57618->57619 57620 44cabf 57618->57620 57621 44cc2b 57619->57621 57637 44cacb 57619->57637 57620->57619 57622 44cb35 57620->57622 57623 44cac6 57620->57623 57624 44cacd 57620->57624 57625 44cb8d 57620->57625 57620->57637 57643 44ba90 57621->57643 57628 4abc08 std::_Facet_Register 41 API calls 57622->57628 57642 451310 41 API calls 2 library calls 57623->57642 57631 4abc08 std::_Facet_Register 41 API calls 57624->57631 57630 4abc08 std::_Facet_Register 41 API calls 57625->57630 57626 4abbf5 
CatchGuardHandler 5 API calls 57632 44cb2c 57626->57632 57634 44cb44 57628->57634 57630->57637 57631->57637 57632->57400 57636 4517f0 41 API calls 57634->57636 57636->57637 57637->57626 57638 44cc4c 57648 4afa0c RaiseException 57638->57648 57640 44cc5d 57642->57637 57644 44bab3 57643->57644 57644->57644 57645 4517f0 41 API calls 57644->57645 57646 44bac5 57645->57646 57647 451b00 41 API calls CatchGuardHandler 57646->57647 57647->57638 57648->57640 57649->57407 57651 44b9e4 57650->57651 57652 4520f0 41 API calls 57651->57652 57654 44b9f4 __Strxfrm 57651->57654 57653 44ba36 57652->57653 57653->57411 57654->57411 57656 452238 57655->57656 57659 45211b 57655->57659 57657 4350b0 41 API calls 57656->57657 57658 45223d 57657->57658 57691 434f80 41 API calls 2 library calls 57658->57691 57661 452181 57659->57661 57662 45218e 57659->57662 57664 452130 57659->57664 57668 452140 __Strxfrm 57659->57668 57661->57658 57661->57664 57665 4abc08 std::_Facet_Register 41 API calls 57662->57665 57663 4abc08 std::_Facet_Register 41 API calls 57663->57668 57664->57663 57665->57668 57669 4521f6 error_info_injector __Strxfrm 57668->57669 57692 497d39 41 API calls 2 library calls 57668->57692 57669->57406 57670->57417 57672 4517da 57671->57672 57675 4516f5 57671->57675 57673 4350b0 41 API calls 57672->57673 57674 4517df 57673->57674 57693 434f80 41 API calls 2 library calls 57674->57693 57677 451763 57675->57677 57678 45175a 57675->57678 57680 451709 57675->57680 57684 451719 __Strxfrm 57675->57684 57681 4abc08 std::_Facet_Register 41 API calls 57677->57681 57678->57674 57678->57680 57679 4abc08 std::_Facet_Register 41 API calls 57679->57684 57680->57679 57681->57684 57685 4517aa error_info_injector __Strxfrm 57684->57685 57694 497d39 41 API calls 2 library calls 57684->57694 57685->57419 57687 44b970 57686->57687 57688 4520f0 41 API calls 57687->57688 57690 44b987 __Strxfrm 57687->57690 57689 44b9be 57688->57689 57689->57426 57690->57426 57691->57668 57693->57684 57755 4350c0 
57695->57755 57698 4350c0 41 API calls 57699 438b7d 57698->57699 57700 438bce 57699->57700 57701 4516d0 41 API calls 57699->57701 57702 4520f0 41 API calls 57700->57702 57703 438bdd __Strxfrm 57700->57703 57701->57700 57702->57703 57704 44b9d0 41 API calls 57703->57704 57705 438c20 57704->57705 57706 4520f0 41 API calls 57705->57706 57707 438c2f __Strxfrm 57705->57707 57706->57707 57708 44b9d0 41 API calls 57707->57708 57709 438c74 57708->57709 57710 44d060 41 API calls 57709->57710 57711 438c9b 57710->57711 57712 44d060 41 API calls 57711->57712 57713 438ca7 57712->57713 57713->57446 57715 4387e1 57714->57715 57716 438869 57715->57716 57717 4517f0 41 API calls 57715->57717 57718 4388f8 57716->57718 57719 4516d0 41 API calls 57716->57719 57717->57716 57720 4520f0 41 API calls 57718->57720 57721 43890c __Strxfrm 57718->57721 57719->57718 57720->57721 57722 44b9d0 41 API calls 57721->57722 57723 43893d 57722->57723 57724 438947 57723->57724 57725 451e50 41 API calls 57723->57725 57726 44b9d0 41 API calls 57724->57726 57725->57724 57727 438977 57726->57727 57728 438986 57727->57728 57729 4520f0 41 API calls 57727->57729 57730 44d060 41 API calls 57728->57730 57729->57728 57731 4389dd 57730->57731 57732 4abbf5 CatchGuardHandler 5 API calls 57731->57732 57733 4389f6 57732->57733 57734 4582b0 57733->57734 57735 458351 57734->57735 57736 458341 57734->57736 57738 44b9d0 41 API calls 57735->57738 57737 4516d0 41 API calls 57736->57737 57737->57735 57739 45835e 57738->57739 57740 44b960 41 API calls 57739->57740 57741 45836a 57740->57741 57742 44b9d0 41 API calls 57741->57742 57743 458374 57742->57743 57744 44b960 41 API calls 57743->57744 57745 458380 57744->57745 57746 44b9d0 41 API calls 57745->57746 57747 45838a 57746->57747 57748 44b9d0 41 API calls 57747->57748 57749 458394 57748->57749 57749->57452 57751 4ad3de ___std_exception_copy 41 API calls 57750->57751 57752 43874a 57751->57752 57753 4abbf5 CatchGuardHandler 5 API calls 57752->57753 57754 438777 57753->57754 
57754->57462 57756 435106 57755->57756 57757 435148 57756->57757 57758 4517f0 41 API calls 57756->57758 57759 4abbf5 CatchGuardHandler 5 API calls 57757->57759 57758->57757 57760 4351a4 57759->57760 57760->57698 57761->57471 57762->57478 57763->57480 57765 4ad44e 57764->57765 57766 438d9b 57764->57766 57767 497357 ___vcrt_freefls@4 14 API calls 57765->57767 57766->57484 57767->57766 57769 455e8e 57770 456790 43 API calls 57769->57770 57771 455e95 57770->57771 57772 455fd1 57771->57772 57773 455f5d 57771->57773 57774 45607f 57771->57774 57775 455ee9 57771->57775 57778 45600b 57771->57778 57779 455f97 57771->57779 57780 455f23 57771->57780 57781 455eaf 57771->57781 57782 456045 57771->57782 57795 455e51 57771->57795 57784 451e50 41 API calls 57772->57784 57785 455e4a 57772->57785 57773->57785 57790 451e50 41 API calls 57773->57790 57819 456920 43 API calls CatchGuardHandler 57774->57819 57775->57785 57786 451e50 41 API calls 57775->57786 57776 4abbf5 CatchGuardHandler 5 API calls 57791 456432 57776->57791 57778->57785 57787 451e50 41 API calls 57778->57787 57779->57785 57793 451e50 41 API calls 57779->57793 57780->57785 57788 451e50 41 API calls 57780->57788 57783 451e50 41 API calls 57781->57783 57781->57785 57782->57785 57789 451e50 41 API calls 57782->57789 57783->57785 57784->57785 57794 456790 43 API calls 57785->57794 57786->57785 57787->57785 57788->57785 57789->57785 57790->57785 57792 456086 57792->57795 57796 456790 43 API calls 57792->57796 57816 4560c7 57792->57816 57793->57785 57794->57795 57795->57776 57799 4560a7 57796->57799 57797 45611c 57801 456131 57797->57801 57802 456180 57797->57802 57803 456159 57797->57803 57798 45610f 57821 456740 41 API calls 57798->57821 57799->57795 57804 456790 43 API calls 57799->57804 57827 456740 41 API calls 57801->57827 57825 456740 41 API calls 57802->57825 57822 456740 41 API calls 57803->57822 57808 4560b7 57804->57808 57808->57795 57820 456920 43 API calls CatchGuardHandler 57808->57820 57809 456167 57823 456740 
41 API calls 57809->57823 57810 45618e 57826 456740 41 API calls 57810->57826 57811 4561b0 57828 456740 41 API calls 57811->57828 57816->57795 57816->57797 57816->57798 57817 456171 57824 456740 41 API calls 57817->57824 57819->57792 57820->57816 57821->57785 57822->57809 57823->57817 57824->57785 57825->57810 57826->57801 57827->57811 57828->57785 57829 48d6e6 57830 48d6ff 57829->57830 57849 48d6f3 57829->57849 57831 48d709 57830->57831 57845 48d898 57830->57845 57848 48d742 57831->57848 57874 44b8f0 57831->57874 57832 48d915 57836 48e1c0 46 API calls 57832->57836 57833 4abbf5 CatchGuardHandler 5 API calls 57834 48e0d0 57833->57834 57838 48d92a 57836->57838 57837 48e1c0 46 API calls 57837->57845 57842 48d6a0 5 API calls 57838->57842 57839 48d7fa 57841 48e1c0 46 API calls 57839->57841 57844 48d83e 57841->57844 57842->57849 57843 48d6a0 5 API calls 57843->57845 57847 48d6a0 5 API calls 57844->57847 57845->57832 57845->57837 57845->57843 57847->57849 57848->57839 57850 48e1c0 57848->57850 57870 48d6a0 57848->57870 57849->57833 57853 48e212 57850->57853 57859 48e3fa 57850->57859 57851 48e47a 57893 48e550 41 API calls 57851->57893 57853->57851 57861 48e3f4 57853->57861 57880 48e0dc 57853->57880 57885 48e110 57853->57885 57890 434bc0 46 API calls 57853->57890 57855 48e485 57856 4350c0 41 API calls 57855->57856 57857 48e499 57856->57857 57894 48ef40 41 API calls 57857->57894 57859->57848 57860 48e474 57895 4511a0 41 API calls CatchGuardHandler 57860->57895 57861->57859 57891 48e550 41 API calls 57861->57891 57864 48e4c0 57896 4afa0c RaiseException 57864->57896 57865 48e464 57892 48f020 41 API calls 57865->57892 57871 48d6df 57870->57871 57872 4abbf5 CatchGuardHandler 5 API calls 57871->57872 57873 48e0d0 57872->57873 57873->57848 57875 44b912 57874->57875 57876 44b8fe 57874->57876 57877 44b920 __fread_nolock 57875->57877 57897 451f90 57875->57897 57876->57848 57877->57848 57879 44b953 57879->57848 57881 48e103 57880->57881 57882 48e129 __Strxfrm 57880->57882 57881->57882 
57883 4520f0 41 API calls 57881->57883 57882->57853 57884 48e15d 57883->57884 57884->57853 57886 48e150 57885->57886 57888 48e129 __Strxfrm 57885->57888 57887 4520f0 41 API calls 57886->57887 57889 48e15d 57887->57889 57888->57853 57889->57853 57890->57853 57891->57865 57892->57860 57893->57855 57894->57860 57895->57864 57898 4520d9 57897->57898 57902 451fb5 57897->57902 57899 4350b0 41 API calls 57898->57899 57900 4520de 57899->57900 57912 434f80 41 API calls 2 library calls 57900->57912 57904 452028 57902->57904 57905 45201b 57902->57905 57907 451fca 57902->57907 57909 451fda __fread_nolock __Strxfrm 57902->57909 57903 4abc08 std::_Facet_Register 41 API calls 57903->57909 57908 4abc08 std::_Facet_Register 41 API calls 57904->57908 57905->57900 57905->57907 57907->57903 57908->57909 57911 452097 __fread_nolock error_info_injector __Strxfrm 57909->57911 57913 497d39 41 API calls 2 library calls 57909->57913 57911->57879 57912->57909 57914 48d95a 57915 48d976 57914->57915 57925 48d96a 57914->57925 57916 48d980 57915->57916 57924 48daad 57915->57924 57921 44b8f0 41 API calls 57916->57921 57926 48d9b9 57916->57926 57917 4abbf5 CatchGuardHandler 5 API calls 57919 48e0d0 57917->57919 57918 48daf5 57923 48d6a0 5 API calls 57918->57923 57920 48d6a0 5 API calls 57920->57924 57921->57926 57922 48da31 57927 48d6a0 5 API calls 57922->57927 57923->57925 57924->57918 57924->57920 57925->57917 57926->57922 57928 48d6a0 5 API calls 57926->57928 57927->57925 57928->57926 57929 49865a 57930 49866a 57929->57930 57931 49867d 57929->57931 57968 4950d4 14 API calls __dosmaperr 57930->57968 57933 49868f 57931->57933 57942 4986a2 57931->57942 57970 4950d4 14 API calls __dosmaperr 57933->57970 57935 49866f 57969 497d29 41 API calls __wsopen_s 57935->57969 57936 498694 57971 497d29 41 API calls __wsopen_s 57936->57971 57937 4986c2 57972 4950d4 14 API calls __dosmaperr 57937->57972 57938 4986d3 57960 4a1286 57938->57960 57942->57937 57942->57938 57946 4986ea 57947 4988e0 57946->57947 57980 
4a06a5 57946->57980 57996 497d56 IsProcessorFeaturePresent 57947->57996 57950 4988ea 57951 4986fc 57951->57947 57987 4a06d1 57951->57987 57953 49870e 57953->57947 57954 498717 57953->57954 57955 49879c 57954->57955 57956 498738 57954->57956 57959 498679 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 57955->57959 57995 4a12e3 41 API calls 2 library calls 57955->57995 57956->57959 57994 4a12e3 41 API calls 2 library calls 57956->57994 57961 4a1292 __FrameHandler3::FrameUnwindToState 57960->57961 57962 4986d8 57961->57962 58000 49b2e1 EnterCriticalSection 57961->58000 57973 4a0679 57962->57973 57964 4a12a3 57965 4a12b7 57964->57965 58001 4a11ce 57964->58001 58013 4a12da LeaveCriticalSection std::_Lockit::~_Lockit 57965->58013 57968->57935 57969->57959 57970->57936 57971->57959 57972->57959 57974 4a069a 57973->57974 57975 4a0685 57973->57975 57974->57946 58127 4950d4 14 API calls __dosmaperr 57975->58127 57977 4a068a 58128 497d29 41 API calls __wsopen_s 57977->58128 57979 4a0695 57979->57946 57981 4a06b1 57980->57981 57982 4a06c6 57980->57982 58129 4950d4 14 API calls __dosmaperr 57981->58129 57982->57951 57984 4a06b6 58130 497d29 41 API calls __wsopen_s 57984->58130 57986 4a06c1 57986->57951 57988 4a06dd 57987->57988 57989 4a06f2 57987->57989 58131 4950d4 14 API calls __dosmaperr 57988->58131 57989->57953 57991 4a06e2 58132 497d29 41 API calls __wsopen_s 57991->58132 57993 4a06ed 57993->57953 57994->57959 57995->57959 57997 497d62 57996->57997 58133 497b2d 57997->58133 58000->57964 58014 4a0d24 58001->58014 58004 4a122a 58006 4a1227 58004->58006 58083 4a1074 58004->58083 58005 4a1221 58023 4a0de2 58005->58023 58009 49c0bd ___free_lconv_mon 14 API calls 58006->58009 58010 4a1235 58009->58010 58011 4abbf5 CatchGuardHandler 5 API calls 58010->58011 58012 4a1242 58011->58012 58012->57965 58013->57962 58016 4a0d43 _strftime 58014->58016 58015 4a0d4a 58015->58004 58015->58005 58016->58015 58017 49d15a _strftime 15 API calls 58016->58017 58018 4a0d64 _strftime 

                                                                Control-flow Graph

                                                                APIs
                                                                • KiUserCallbackDispatcher.NTDLL(0000004C), ref: 00485F72
                                                                • GetSystemMetrics.USER32(0000004D), ref: 00485F7C
                                                                • GetSystemMetrics.USER32(0000004E), ref: 00485F86
                                                                • GetSystemMetrics.USER32(0000004F), ref: 00485F90
                                                                • GetDC.USER32(00000000), ref: 00485F9A
                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 00485FAF
                                                                • GetDeviceCaps.GDI32(?,0000000A), ref: 00485FBB
                                                                • CreateCompatibleDC.GDI32(?), ref: 00485FC5
                                                                • CreateCompatibleBitmap.GDI32(?,00000000,00000000), ref: 00485FDA
                                                                • SelectObject.GDI32(?,00000000), ref: 00485FEE
                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,40CC0020), ref: 0048601D
                                                                • SHCreateMemStream.SHLWAPI(00000000,00000000), ref: 0048604F
                                                                • DeleteDC.GDI32(?), ref: 0048606E
                                                                • ReleaseDC.USER32(00000000,?), ref: 00486077
                                                                • DeleteObject.GDI32(?), ref: 00486083
                                                                • IStream_Size.SHLWAPI(?,?,?), ref: 004860F5
                                                                • IStream_Reset.SHLWAPI(?), ref: 00486104
                                                                • IStream_Read.SHLWAPI(?,00000000,?,?), ref: 0048611E
                                                                • DeleteDC.GDI32(?), ref: 00486175
                                                                • ReleaseDC.USER32(00000000,?), ref: 00486183
                                                                • DeleteObject.GDI32(?), ref: 0048618F
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Delete$CreateMetricsObjectStream_System$CapsCompatibleDeviceRelease$BitmapCallbackDispatcherReadResetSelectSizeStreamUser
                                                                • String ID:
                                                                • API String ID: 2798906502-0
                                                                • Opcode ID: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                                                • Instruction ID: 1540f068b23de5c11a4fec01122546931e44dbb37a8a944e45ab45a1281bc334
                                                                • Opcode Fuzzy Hash: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                                                • Instruction Fuzzy Hash: F4812971C01218AFDB11EB64DC49BEDBBB8EF09314F1041AAE509B7291DB742E84CF99

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000000,00000348,00000001), ref: 00486A68
                                                                  • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000001,00000348,00000001), ref: 00486ABD
                                                                  • Part of subcall function 004868B0: RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                                  • Part of subcall function 004863F0: GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                                                  • Part of subcall function 004864E0: GetComputerNameW.KERNEL32(?,?), ref: 00486554
                                                                  • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                                                  • Part of subcall function 0044BAD0: Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                                                • GlobalMemoryStatusEx.KERNEL32(?,00000003), ref: 00488A6C
                                                                • GetDesktopWindow.USER32 ref: 0048936A
                                                                • GetWindowRect.USER32(00000000), ref: 00489371
                                                                • _strftime.LIBCMT ref: 0048956B
                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,system,00000006), ref: 0048979A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Name$Concurrency::cancel_current_taskDevicesDisplayEnumWindow$ComputerDesktopFileGlobalMemoryModuleRectStatusUserValue_strftime
                                                                • String ID: %d-%m-%Y, %H:%M:%S$>wfw$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                • API String ID: 3994675093-2215247992
                                                                • Opcode ID: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                                                • Instruction ID: 1ab1bce1cb2369babe93dc2c843a9f66333b387f055d73d8335e63cf3a34051b
                                                                • Opcode Fuzzy Hash: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                                                • Instruction Fuzzy Hash: FC037970C052A99BDB26DF28C8547DDBBB1AF19308F2482DEE44867242DB751F85CF92

                                                                Control-flow Graph

                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00000008,00000000,8762CD73), ref: 0047E2A3
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 0047E2AA
                                                                • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,00000004), ref: 0047E2CE
                                                                • CloseHandle.KERNEL32(00000000), ref: 0047E2F3
                                                                • ExitProcess.KERNEL32 ref: 0047E32D
                                                                • OpenMutexA.KERNEL32(001F0001,00000000,?), ref: 0047E411
                                                                • ExitProcess.KERNEL32 ref: 0047E420
                                                                • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0047E436
                                                                • ExitProcess.KERNEL32 ref: 0047E457
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                                • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Process$ExitMutex$CloseHandleOpenToken$CreateCurrentInformationRelease
                                                                • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                • API String ID: 1905835197-3768118664
                                                                • Opcode ID: 1304b057001cb0e859eaf618cd2e17930212c1f0f1b5904f04536edf5095bcb9
                                                                • Instruction ID: e600725b129d9e3f70f3f4d3925b8df88ff981f4a24a656009bcaac003b6a44b
                                                                • Opcode Fuzzy Hash: 1304b057001cb0e859eaf618cd2e17930212c1f0f1b5904f04536edf5095bcb9
                                                                • Instruction Fuzzy Hash: 80817F70D01258EFDB00EFE6D9457DDBBB4EF08308F10815EE51AA7281DB785A05DB69

                                                                Control-flow Graph

                                                                APIs
                                                                • LoadLibraryA.KERNEL32(?,8762CD73), ref: 004464FE
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0044664C
                                                                • GetProcAddress.KERNEL32(?,?), ref: 0044678C
                                                                • GetProcAddress.KERNEL32(?,?), ref: 00446831
                                                                • GetProcAddress.KERNEL32(?,?), ref: 004468D6
                                                                • GetProcAddress.KERNEL32(?,?), ref: 0044697B
                                                                • GetProcAddress.KERNEL32(?,?), ref: 00446A27
                                                                • FreeLibrary.KERNEL32(00000000), ref: 004473A1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressProc$Library$FreeLoad
                                                                • String ID: system$vault$!F
                                                                • API String ID: 2449869053-2452413646
                                                                • Opcode ID: e0fea6c89a0f53085211ecf823e563bfcd2fd38e707c4234fd3e69986002ee46
                                                                • Instruction ID: b3fd50756066dde9c2bcdca3b11f87412f5b17b86e41c1a20d378922be8368ac
                                                                • Opcode Fuzzy Hash: e0fea6c89a0f53085211ecf823e563bfcd2fd38e707c4234fd3e69986002ee46
                                                                • Instruction Fuzzy Hash: 2CA2DFB4D0426D8BDB25CFA8C884BEEBBB1BF59304F1081DAD948B7251DB385A85CF54

                                                                Control-flow Graph

                                                                APIs
                                                                • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00485AB8
                                                                • InternetOpenUrlA.WININET(00000000,?,?,00000000,84880100,00000000), ref: 00485B23
                                                                • HttpQueryInfoW.WININET(00000000,00000013,?,?,00000000), ref: 00485B7C
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,00000040,00000000), ref: 00485C0D
                                                                • InternetQueryDataAvailable.WININET(00000000,?,00000000,00000000), ref: 00485C4F
                                                                • InternetReadFile.WININET(00000000,00000000,?,0B911A77), ref: 00485CE0
                                                                • InternetCloseHandle.WININET(00000000), ref: 00485DEE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Internet$Query$HttpInfoOpen$AvailableCloseDataFileHandleRead
                                                                • String ID: dk{u
                                                                • API String ID: 1359475806-1025949191
                                                                • Opcode ID: 27b0cd3a0b6fc00430f0ab845b11a26261cda9ec311c293bfde6673f79c1c1f5
                                                                • Instruction ID: 61ea4010c365d261526b7633df9a1f3866779007c1279ae13805143fd257e1b9
                                                                • Opcode Fuzzy Hash: 27b0cd3a0b6fc00430f0ab845b11a26261cda9ec311c293bfde6673f79c1c1f5
                                                                • Instruction Fuzzy Hash: 320203B0D057599BDB20CFA4C944BDDBBB5BF19304F20819AE848BB241EB746A84CF95

                                                                Control-flow Graph

                                                                APIs
                                                                • GetFileAttributesExW.KERNEL32(000000FF,00000000,?,00000001,?,?), ref: 004B85DD
                                                                • GetLastError.KERNEL32 ref: 004B85E7
                                                                • FindFirstFileW.KERNEL32(000000FF,?), ref: 004B85FE
                                                                • GetLastError.KERNEL32 ref: 004B8609
                                                                • FindClose.KERNEL32(00000000), ref: 004B8615
                                                                • ___std_fs_open_handle@16.LIBCPMT ref: 004B86CE
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorFileFindLast$AttributesCloseFirst___std_fs_open_handle@16
                                                                • String ID:
                                                                • API String ID: 2340820627-0
                                                                • Opcode ID: 26e86fa6e15967cd6674ed6e37e588395ab66286ab2511015f361a3ca517eeda
                                                                • Instruction ID: b482ff722bd6c6e5562e69f300935f677b27db246a655513dfd80cbad8c50a56
                                                                • Opcode Fuzzy Hash: 26e86fa6e15967cd6674ed6e37e588395ab66286ab2511015f361a3ca517eeda
                                                                • Instruction Fuzzy Hash: 6271A174A01619AFCB60CF28DC84BEAB7B8BF15314F24466AE854E3380DF389D41CB65

                                                                Control-flow Graph

                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00000028,8762CD73,8762CD73,00000000,00000000), ref: 0048CBC1
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 0048CBC8
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 0048CBDF
                                                                • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000), ref: 0048CC10
                                                                • CloseHandle.KERNEL32(00000000), ref: 0048CC2E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 3038321057-2896544425
                                                                • Opcode ID: 0de4daaceb39ec4f5814627b6f1dd40d7c5fb6c13739ccbd22e93afb17c114b7
                                                                • Instruction ID: c2b5bf8999928723eaabf61e86e1a0babf1022b92d12b441156265fc3f808218
                                                                • Opcode Fuzzy Hash: 0de4daaceb39ec4f5814627b6f1dd40d7c5fb6c13739ccbd22e93afb17c114b7
                                                                • Instruction Fuzzy Hash: 4631A471D01208AFDB10DFA5DD85BEEBBB8EB09710F14422BE911B7280DB745A44CBB5
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8762CD73), ref: 0044741C
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                                                • Process32NextW.KERNEL32(?,0000022C), ref: 004475CD
                                                                • CloseHandle.KERNEL32(?), ref: 004478D2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                • String ID: [PID:
                                                                • API String ID: 420147892-2210602247
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004403C0
                                                                • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFind$FirstNext
                                                                • String ID: content$filename
                                                                • API String ID: 1690352074-474635906
                                                                APIs
                                                                • recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                                • recv.WS2_32(?,00000001,00000000), ref: 004857E2
                                                                • closesocket.WS2_32(00000254), ref: 004857EE
                                                                • WSACleanup.WS2_32 ref: 004857F4
                                                                Similarity
                                                                • API ID: recv$Cleanupclosesocket
                                                                • String ID:
                                                                • API String ID: 146070474-0
                                                                APIs
                                                                • GetTimeZoneInformation.KERNEL32(?,8762CD73,00000000,000000BF), ref: 00487C87
                                                                Strings
                                                                Similarity
                                                                • API ID: InformationTimeZone
                                                                • String ID: @Zb=$[UTC
                                                                • API String ID: 565725191-730387550
                                                                APIs
                                                                  • Part of subcall function 0049C0BD: RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                                                  • Part of subcall function 0049C0BD: GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                                                • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 3335090040-239921721
                                                                APIs
                                                                • FindClose.KERNEL32(000000FF,?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,8762CD73,00000001), ref: 004B84CC
                                                                • FindFirstFileExW.KERNEL32(000000FF,00000001,8762CD73,00000000,00000000,00000000,00000001,00000001,?,?,004B84EE,00000001,?,?,00437D69,?), ref: 004B84FB
                                                                • GetLastError.KERNEL32(?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,8762CD73,00000001), ref: 004B850D
                                                                Similarity
                                                                • API ID: Find$CloseErrorFileFirstLast
                                                                • String ID:
                                                                • API String ID: 4020440971-0
                                                                APIs
                                                                  • Part of subcall function 00487290: RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,8762CD73,?,0051C288), ref: 0048735B
                                                                  • Part of subcall function 00487290: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                                                  • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8762CD73,0051C570,0051C2A0), ref: 00487182
                                                                  • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004487A3
                                                                  • Part of subcall function 004870B0: RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                                                Strings
                                                                Similarity
                                                                • API ID: Open$CloseEnumIos_base_dtorQueryValuestd::ios_base::_
                                                                • String ID: 0hC
                                                                • API String ID: 3553622603-2581318919
                                                                APIs
                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                                                • LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                                                Similarity
                                                                • API ID: CryptDataFreeLocalUnprotect
                                                                • String ID:
                                                                • API String ID: 1561624719-0
                                                                APIs
                                                                • GetLogicalDriveStringsW.KERNEL32(00000104,?,8762CD73), ref: 00487605
                                                                Similarity
                                                                • API ID: DriveLogicalStrings
                                                                • String ID:
                                                                • API String ID: 2022863570-0
                                                                APIs
                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID:
                                                                • API String ID: 2645101109-0
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: cores
                                                                • API String ID: 0-2370456839

                                                                Control-flow Graph: function starting at 00480C80 (graph image not captured)
                                                                APIs
                                                                  • Part of subcall function 004808F0: InitializeCriticalSectionEx.KERNEL32(0051C7AC,00000000,00000000), ref: 0048096F
                                                                  • Part of subcall function 004808F0: GetLastError.KERNEL32 ref: 00480979
                                                                • EnterCriticalSection.KERNEL32(00000004,8762CD73,?,?), ref: 00480CD8
                                                                • GdiplusStartup.GDIPLUS(00000000,00000001,?), ref: 00480D08
                                                                • LeaveCriticalSection.KERNEL32(00000004), ref: 00480D13
                                                                • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00480D42
                                                                • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00480D50
                                                                • __alloca_probe_16.LIBCMT ref: 00480D7E
                                                                • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00480DCE
                                                                • GdipCreateBitmapFromScan0.GDIPLUS(?,?,?,0026200A,?,?), ref: 00480EB3
                                                                • GdipSaveImageToStream.GDIPLUS(00000000,?,?,00000000), ref: 00480ED0
                                                                • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F33
                                                                • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F4C
                                                                Similarity
                                                                • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream__alloca_probe_16
                                                                • String ID:
                                                                • API String ID: 1308617310-0

                                                                Control-flow Graph: function starting at 00481B10 (graph image not captured)
                                                                APIs
                                                                  • Part of subcall function 00485E30: GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                                                  • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                                                  • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                                                • WSAStartup.WS2_32(00000202,00516D04), ref: 00481C85
                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 00481C98
                                                                • htons.WS2_32(00000002), ref: 00481CBF
                                                                • inet_pton.WS2_32(00000002,00000000,00516E98), ref: 00481DA2
                                                                • connect.WS2_32(00516E94,00000010), ref: 00481DB5
                                                                • closesocket.WS2_32 ref: 00481DD5
                                                                • WSACleanup.WS2_32 ref: 00481DDB
                                                                Strings
                                                                Similarity
                                                                • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                • String ID: NG$geo$system
                                                                • API String ID: 213021568-968879199

                                                                Control-flow Graph: function starting at 004BC57A (graph image not captured)
                                                                APIs
                                                                  • Part of subcall function 004BC233: CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                                                • GetLastError.KERNEL32 ref: 004BC68E
                                                                • __dosmaperr.LIBCMT ref: 004BC695
                                                                • GetFileType.KERNEL32(00000000), ref: 004BC6A1
                                                                • GetLastError.KERNEL32 ref: 004BC6AB
                                                                • __dosmaperr.LIBCMT ref: 004BC6B4
                                                                • CloseHandle.KERNEL32(00000000), ref: 004BC6D4
                                                                • CloseHandle.KERNEL32(004BB653), ref: 004BC821
                                                                • GetLastError.KERNEL32 ref: 004BC853
                                                                • __dosmaperr.LIBCMT ref: 004BC85A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                • String ID: H
                                                                • API String ID: 4237864984-2852464175

                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00450F2D
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00450F4F
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00450F77
                                                                • std::_Facet_Register.LIBCPMT ref: 00451071
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0045109B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                • String ID: PbC$`aC$p]C
                                                                • API String ID: 459529453-2418293346

                                                                APIs
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004812EC
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,000000B8), ref: 004812FC
                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00481388
                                                                • ReadFile.KERNEL32(00000000,00000000,00516C10,00000000,00000000), ref: 004813A4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$Ios_base_dtorPointerReadSizestd::ios_base::_
                                                                • String ID: 0hC$exists
                                                                • API String ID: 418202444-4085241440

                                                                APIs
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00453446
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00453463
                                                                  • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,8762CD73), ref: 004AFA6C
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 004536B0
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 004536CD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___std_exception_destroy$ExceptionRaise
                                                                • String ID: MC$value
                                                                • API String ID: 299339551-3840657116

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                APIs
                                                                • __allrem.LIBCMT ref: 004987E2
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004987FE
                                                                • __allrem.LIBCMT ref: 00498815
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498833
                                                                • __allrem.LIBCMT ref: 0049884A
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498868
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                • String ID:
                                                                • API String ID: 1992179935-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Ios_base_dtorstd::ios_base::_
                                                                • String ID: 0$0hC$exists
                                                                • API String ID: 323602529-1229763112
                                                                APIs
                                                                  • Part of subcall function 0047FD70: ___std_fs_get_current_path@8.LIBCPMT ref: 0047FE92
                                                                • GetVolumeInformationW.KERNEL32(?,?,00000100,?,?,?,?,00000100,00000000,?,8762CD73,?,?), ref: 00486757
                                                                • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                                Strings
                                                                • ProductName, xrefs: 00486900
                                                                • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InformationValueVolume___std_fs_get_current_path@8
                                                                • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                • API String ID: 2814272438-1787575317
                                                                APIs
                                                                • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InformationTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 565725191-239921721
                                                                APIs
                                                                  • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D726
                                                                  • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D750
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00482387
                                                                  • Part of subcall function 0043E440: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043E4CF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Ios_base_dtor___std_fs_convert_narrow_to_wide@20std::ios_base::_
                                                                • String ID: 0hC$exists
                                                                • API String ID: 1525435645-4085241440
                                                                APIs
                                                                • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 004381BC
                                                                  • Part of subcall function 004B849F: FindNextFileW.KERNELBASE(?,00000001,?,00437D97,?,00000001,?,004BDC4D,00000001,?,?,?,8762CD73,00000001), ref: 004B84A8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                                                • String ID: .$directory_iterator::operator++
                                                                • API String ID: 3878998205-1036657373
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00435DCB
                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00435E2E
                                                                  • Part of subcall function 004B9356: _Yarn.LIBCPMT ref: 004B9375
                                                                  • Part of subcall function 004B9356: _Yarn.LIBCPMT ref: 004B9399
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                • String ID: bad locale name
                                                                • API String ID: 1908188788-1405518554
                                                                APIs
                                                                • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                                Strings
                                                                • ProductName, xrefs: 00486900
                                                                • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                APIs
                                                                • RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,8762CD73,?,0051C288), ref: 0048735B
                                                                • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0048751D
                                                                Similarity
                                                                • API ID: CloseEnumOpen
                                                                • String ID:
                                                                APIs
                                                                • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8762CD73,0051C570,0051C2A0), ref: 00487182
                                                                • RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID:
                                                                APIs
                                                                • recv.WS2_32(?,00000001,00000000), ref: 004857E2
                                                                • closesocket.WS2_32(00000254), ref: 004857EE
                                                                • WSACleanup.WS2_32 ref: 004857F4
                                                                Similarity
                                                                • API ID: Cleanupclosesocketrecv
                                                                • String ID:
                                                                APIs
                                                                • GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                                                • GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                                                • GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                                                Similarity
                                                                • API ID: Info$User
                                                                • String ID:
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(?,?,004A2891,00000016,0049036B,?,?,8762CD73,0049036B,?), ref: 004A28A8
                                                                • TerminateProcess.KERNEL32(00000000,?,004A2891,00000016,0049036B,?,?,8762CD73,0049036B,?), ref: 004A28AF
                                                                • ExitProcess.KERNEL32 ref: 004A28C1
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 0047F1C0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8762CD73), ref: 0047F211
                                                                  • Part of subcall function 0047F1C0: RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047F194
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseIos_base_dtorOpenstd::ios_base::_
                                                                • String ID: 0hC
                                                                APIs
                                                                • GetCurrentHwProfileW.ADVAPI32(?), ref: 00486F86
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentProfile
                                                                • String ID: Unknown
                                                                APIs
                                                                • ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                                                Strings
                                                                Similarity
                                                                • API ID: ___std_exception_copy
                                                                • String ID: MC
                                                                APIs
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0044799C
                                                                Strings
                                                                Similarity
                                                                • API ID: Ios_base_dtorstd::ios_base::_
                                                                • String ID: 0hC
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 004604B4
                                                                Similarity
                                                                • API ID: Concurrency::cancel_current_task
                                                                • String ID:
                                                                APIs
                                                                • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00437D64
                                                                • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00437D92
                                                                Similarity
                                                                • API ID: ___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                                                • String ID:
                                                                APIs
                                                                • SHGetKnownFolderPath.SHELL32(004E05C0,00000000,00000000,?,8762CD73,?,?), ref: 0048101E
                                                                • CoTaskMemFree.OLE32(?), ref: 004810DC
                                                                Similarity
                                                                • API ID: FolderFreeKnownPathTask
                                                                • String ID:
                                                                APIs
                                                                • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8762CD73), ref: 0047F211
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                                                Similarity
                                                                • API ID: CloseOpen
                                                                • String ID:
                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F6), ref: 0049ADBB
                                                                • GetFileType.KERNEL32(00000000), ref: 0049ADCD
                                                                Similarity
                                                                • API ID: FileHandleType
                                                                • String ID:
                                                                APIs
                                                                • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000), ref: 0049F3FA
                                                                • GetLastError.KERNEL32(00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000,?,0049BE05,00000000,00000000,00000000,00000002,00000000,00000000), ref: 0049F407
                                                                Similarity
                                                                • API ID: ErrorFileLastPointer
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 004473D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8762CD73), ref: 0044741C
                                                                  • Part of subcall function 004473D0: Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                                                  • Part of subcall function 00445950: CredEnumerateA.ADVAPI32(00000000,00000000,?,?,8762CD73,00000000,?), ref: 004459B2
                                                                  • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                                • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                                Similarity
                                                                • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                APIs
                                                                  • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                                • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                                • API ID: CloseHandleMutexReleaserecv
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                                                • GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                                                • API ID: ErrorFreeHeapLast
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0048FCEA
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 004586AF
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0045223D
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 004520DE
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0048F9FA
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00451F7F
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 004517DF
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0044D8F9
                                                                • API ID: Concurrency::cancel_current_task
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                                                  • Part of subcall function 00434F80: ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                                                • API ID: Concurrency::cancel_current_task___std_exception_copy
                                                                APIs
                                                                • API ID: __wsopen_s
                                                                APIs
                                                                • send.WS2_32(?,?,00000000), ref: 00482968
                                                                • API ID: send
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000008,0043FE48,00000001,?,00499445,00000001,00000364,00000001,00000006,000000FF,?,004AD408,0043FE4A,0043FE44,?), ref: 0049C6E5
                                                                • API ID: AllocateHeap
                                                                APIs
                                                                • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                                                • API ID: FileFindNext
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,00000001,0043FE44,?,004AD408,0043FE4A,0043FE44,?,?,?,00434C2F,0043FE48,0043FE48), ref: 0049D18C
                                                                • API ID: AllocateHeap
                                                                APIs
                                                                • API ID: H_prolog3
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: dd275b77e4c8549b8163696f0af87788398892aa77d507c51891a1137c56f0af
                                                                • Instruction ID: c65ff2ef24fd0563ec255788cd93a1d7270b85fbbbb51eec7110af243f851585
                                                                • Opcode Fuzzy Hash: dd275b77e4c8549b8163696f0af87788398892aa77d507c51891a1137c56f0af
                                                                • Instruction Fuzzy Hash: 05D06C3200010DBBDF028F84EC06FDA3BAAFB48714F018010BA1866020C732E821ABA4
                                                                APIs
                                                                • GetNativeSystemInfo.KERNEL32(?,?,?,00486DD6,?,?,?,8762CD73,?,?), ref: 004B9AEC
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InfoNativeSystem
                                                                • String ID:
                                                                • API String ID: 1721193555-0
                                                                • Opcode ID: 19af6f8f66515c3ad7801cfde8998948d5a7d817498514074e40bdf49eb42b08
                                                                • Instruction ID: f88b8e15ca571a688dc5d535dfb7cb0f1e1a76fd2fb5174ce8f8aecae7ce3306
                                                                • Opcode Fuzzy Hash: 19af6f8f66515c3ad7801cfde8998948d5a7d817498514074e40bdf49eb42b08
                                                                • Instruction Fuzzy Hash: 0EC09B7490610E97CF00E7E5D94D88E77FCA608204F4004A1D551E3140E770FD45C795
                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtDuplicateObject,8762CD73,?,?), ref: 0048A0F7
                                                                • GetProcAddress.KERNEL32(00000000), ref: 0048A0FE
                                                                • OpenProcess.KERNEL32(00000040,00000000,00000000), ref: 0048A12A
                                                                • NtQuerySystemInformation.NTDLL(00000010,00000000,00000014,00000000), ref: 0048A153
                                                                • NtQuerySystemInformation.NTDLL(00000010,00000000,00000000,00000000), ref: 0048A178
                                                                • GetCurrentProcess.KERNEL32 ref: 0048A1FD
                                                                • NtQueryObject.NTDLL ref: 0048A22B
                                                                • GetFinalPathNameByHandleA.KERNEL32(00000000,00000000,00000104,00000000,00000104,?,00000104,00000000), ref: 0048A315
                                                                • CloseHandle.KERNEL32(00000000), ref: 0048A3E6
                                                                • CloseHandle.KERNEL32(00000000), ref: 0048A441
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                                • String ID: File$NtDuplicateObject$ntdll.dll
                                                                • API String ID: 2729825427-3955674919
                                                                • Opcode ID: 8320b73641bfe2fd6a36d39389df1be313783445bc61d84dd6fe8aca722285e2
                                                                • Instruction ID: 0800680efb81c18e2f896ca5fb1c4f1751909ec1a20682d0b449f1ef79601e33
                                                                • Opcode Fuzzy Hash: 8320b73641bfe2fd6a36d39389df1be313783445bc61d84dd6fe8aca722285e2
                                                                • Instruction Fuzzy Hash: C3C1DE71D00218AFEF10EFA4DC45BAEBBB5FF44704F14452AE801A7281E7B9AD45CB96
                                                                APIs
                                                                • RtlAcquirePebLock.NTDLL(8762CD73,00000000,00000000), ref: 0048A766
                                                                • NtAllocateVirtualMemory.NTDLL ref: 0048A78F
                                                                • lstrcpyW.KERNEL32(?), ref: 0048A7C6
                                                                • lstrcatW.KERNEL32(?), ref: 0048A8CD
                                                                • NtAllocateVirtualMemory.NTDLL ref: 0048A904
                                                                • lstrcpyW.KERNEL32(?), ref: 0048AA0F
                                                                • RtlInitUnicodeString.NTDLL(-00000037), ref: 0048AA28
                                                                • RtlInitUnicodeString.NTDLL(-0000003F), ref: 0048AA37
                                                                • LdrEnumerateLoadedModules.NTDLL ref: 0048AA44
                                                                • RtlReleasePebLock.NTDLL ref: 0048AA4A
                                                                  • Part of subcall function 00480F90: SHGetKnownFolderPath.SHELL32(004E05C0,00000000,00000000,?,8762CD73,?,?), ref: 0048101E
                                                                  • Part of subcall function 00480F90: CoTaskMemFree.OLE32(?), ref: 004810DC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateInitLockMemoryStringUnicodeVirtuallstrcpy$AcquireEnumerateFolderFreeKnownLoadedModulesPathReleaseTasklstrcat
                                                                • String ID: 0Qv
                                                                • API String ID: 573923072-416853194
                                                                • Opcode ID: 9f0bc586ea1a7da28060736a8c13b163a192ecd6657979f9a74a2ad2d362be03
                                                                • Instruction ID: 1d72f842e61e5ce7feef92d17fc1071c4f69874d6174494518bfda03acdacd70
                                                                • Opcode Fuzzy Hash: 9f0bc586ea1a7da28060736a8c13b163a192ecd6657979f9a74a2ad2d362be03
                                                                • Instruction Fuzzy Hash: D6B190B4D05268EFDB14CFA9D885A9DBBB5FF08314F10822AE825A7361DB346946CF44
                                                                APIs
                                                                • CoInitializeEx.OLE32(00000000,00000000,8762CD73,?,?), ref: 00477F5C
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID:
                                                                • API String ID: 2538663250-0
                                                                • Opcode ID: eec43777c261d8a2dab22aea29dbdf31e886a527831d6dfb0425ac795999018e
                                                                • Instruction ID: d5989f67fd172e1006781f95ff6e7d6cbd1369fc69074948a5cb2319df95c689
                                                                • Opcode Fuzzy Hash: eec43777c261d8a2dab22aea29dbdf31e886a527831d6dfb0425ac795999018e
                                                                • Instruction Fuzzy Hash: 12D1F170D04288DBDB11CFA8D848BEDBBB0FF15314F14824AE508BB291DB796AC9DB55
                                                                APIs
                                                                  • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                                                  • Part of subcall function 0044DCC0: std::ios_base::_Addstd.LIBCPMT ref: 0044DDEF
                                                                  • Part of subcall function 00436640: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047D95A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: std::ios_base::_$Ios_base_dtor$AddstdConcurrency::cancel_current_task
                                                                • String ID: .cmd$.exe$.ps1$.vbs$.G$0hC$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$open$runas
                                                                • API String ID: 2154145882-3307477358
                                                                • Opcode ID: 6595408e174a39f32e18d343271d234c9a7f1da95b1be23f008c122fddbd1b18
                                                                • Instruction ID: f5ba6b163c3a98fee3f853caf05b9595179ad2eb3f8f0c36a39513699dfd7300
                                                                • Opcode Fuzzy Hash: 6595408e174a39f32e18d343271d234c9a7f1da95b1be23f008c122fddbd1b18
                                                                • Instruction Fuzzy Hash: 6A122770D00268DFDB20DF64CD85BDEBBB4AF19304F1481EAE849A7282DB755A84CF95
                                                                APIs
                                                                • BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000,00000001,?,0047AF9D,?,?,8762CD73), ref: 0047AE91
                                                                • BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0047AEAB
                                                                • BCryptGenerateSymmetricKey.BCRYPT(?,?,00000000,00000000,?,?,00000000), ref: 0047AECF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Crypt$AlgorithmGenerateOpenPropertyProviderSymmetric
                                                                • String ID: AES$ChainingMode$ChainingModeGCM
                                                                • API String ID: 1692524283-1213888626
                                                                • Opcode ID: b81ac72cefcce56172d4d4bf7609f9087b605a60a83836cd33b6e41b4b4cf51e
                                                                • Instruction ID: 8d127e15825cd86a398cba4dadb085fb92217d3de15f733cf2195ed64ba2db48
                                                                • Opcode Fuzzy Hash: b81ac72cefcce56172d4d4bf7609f9087b605a60a83836cd33b6e41b4b4cf51e
                                                                • Instruction Fuzzy Hash: 1CF03031381710BBE7309E65AC4AFDB7BA8FB44F10F10492AFA41DA1D0D7A0F8559B5A
                                                                APIs
                                                                • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B7DA
                                                                • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B81E
                                                                • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B924
                                                                • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B970
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___std_fs_directory_iterator_advance@8
                                                                • String ID: .
                                                                • API String ID: 2610647541-248832578
                                                                • Opcode ID: 2e775b534ccb48514fa1d19158a196e6f147d360d3fd40777325cb8899fa8bdc
                                                                • Instruction ID: 99e23c5b304899c8ab8714ce46d423df57297e0934c6bc539a0dfe6d7ec6f1b4
                                                                • Opcode Fuzzy Hash: 2e775b534ccb48514fa1d19158a196e6f147d360d3fd40777325cb8899fa8bdc
                                                                • Instruction Fuzzy Hash: 77C1BF75A016269FCB20DF18C8847AAB3B5FF44314F14829AD915D7390EB39AD85CFC6
                                                                APIs
                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,004A641B,00000002,00000000,?,?,?,004A641B,?,00000000), ref: 004A61A2
                                                                • GetLocaleInfoW.KERNEL32(?,20001004,004A641B,00000002,00000000,?,?,?,004A641B,?,00000000), ref: 004A61CB
                                                                • GetACP.KERNEL32(?,?,004A641B,?,00000000), ref: 004A61E0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID: ACP$OCP
                                                                • API String ID: 2299586839-711371036
                                                                • Opcode ID: 83dfd683b9c94d176d38183288480b868ca78ec3c44069a2c66a1e4373e54840
                                                                • Instruction ID: 02a1f9ff6d074017cf30d732e6d651dacf3b6180dce544ba7b26bbdffeda2481
                                                                • Opcode Fuzzy Hash: 83dfd683b9c94d176d38183288480b868ca78ec3c44069a2c66a1e4373e54840
                                                                • Instruction Fuzzy Hash: 14217731B00101A6DB348F54C901A9BBBA7EB76B54B5F8466E909D7302EB36DE41C358
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 004A63ED
                                                                • IsValidCodePage.KERNEL32(00000000), ref: 004A642B
                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 004A643E
                                                                • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 004A6486
                                                                • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 004A64A1
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                • String ID:
                                                                • API String ID: 415426439-0
                                                                • Opcode ID: 478fc60fa90a9ec9e197162e05efa7e840982a7b058c794a341e424fb9183a7c
                                                                • Instruction ID: c25bf07a23f3a9ec008bfe0b344d9b34e57977eb2ee5f51d57588e3c0d66081e
                                                                • Opcode Fuzzy Hash: 478fc60fa90a9ec9e197162e05efa7e840982a7b058c794a341e424fb9183a7c
                                                                • Instruction Fuzzy Hash: B351C031A00205ABDF10DFA5CC41AAF77B8BF2A700F09446BF905EB2C0D778D9058B68
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • GetACP.KERNEL32(?,?,?,?,?,?,00499D39,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 004A5A2F
                                                                • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00499D39,?,?,?,00000055,?,-00000050,?,?), ref: 004A5A66
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004A5BC9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                • String ID: utf8
                                                                • API String ID: 607553120-905460609
                                                                • Opcode ID: 04b3e337810216b61eac7fea49992564720a065615442711857ddc30d61a34d4
                                                                • Instruction ID: 57bf36a595626d2e68748195e450517760c1dbe6c14d68ec56d01c4c71c4df41
                                                                • Opcode Fuzzy Hash: 04b3e337810216b61eac7fea49992564720a065615442711857ddc30d61a34d4
                                                                • Instruction Fuzzy Hash: F771FA71600B01ABDB24AB75CD82BAB73ACEF66714F14052FF505D7281E778E940866D
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 00497C25
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00497C2F
                                                                • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000001), ref: 00497C3C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID: /LC
                                                                • API String ID: 3906539128-2135541996
                                                                • Opcode ID: ba9b98a76fbca1403476e1f0242b14846ec85a4183b9da3279bb0f6910b30b28
                                                                • Instruction ID: bfbf58602b6ed5b9f74246d621f9e13e9ead8f3e4535d75d7aa199c35e3273ea
                                                                • Opcode Fuzzy Hash: ba9b98a76fbca1403476e1f0242b14846ec85a4183b9da3279bb0f6910b30b28
                                                                • Instruction Fuzzy Hash: 3231D274901229ABCB21DF65DC8878DBBB8BF18710F5041EAE40CA7250E7349F858F48
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4ea11f6e400efd71b53824ee55fa65b6dac5785e4ad25e6ab9d2c54b6af7400f
                                                                • Instruction ID: d1eb0eda3f30262f0aa428ac7e9151949e9d9ef7bd25f7153de96db8ebdefec9
                                                                • Opcode Fuzzy Hash: 4ea11f6e400efd71b53824ee55fa65b6dac5785e4ad25e6ab9d2c54b6af7400f
                                                                • Instruction Fuzzy Hash: DB023C71E002199BDF14CFA9C9806AEFBF1FF89315F24826AE519E7341D735AE018B94
                                                                APIs
                                                                • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0015C03B
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: FileFindFirst
                                                                • String ID:
                                                                • API String ID: 1974802433-0
                                                                • Opcode ID: c9ea7e229103684f77dbb7de760379f4e8c4a6b50bbd98fce2b1661110f0f93f
                                                                • Instruction ID: bf14f25413f7bdb3324f76bc584791f3a26fa323736a95623c797c69d9ce13b9
                                                                • Opcode Fuzzy Hash: c9ea7e229103684f77dbb7de760379f4e8c4a6b50bbd98fce2b1661110f0f93f
                                                                • Instruction Fuzzy Hash: 9671E8B1949228DFDF209F24CCC9AAEB7B5AF05302F5441DAE829AB151DB314EC98F50
                                                                APIs
                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0049859D
                                                                • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 004985B1
                                                                • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 00498602
                                                                • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00498617
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562403962-0
                                                                • Opcode ID: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                                                • Instruction ID: 57c86550534b148c15952eeeaf39776b02a492ab104de77fe61266457f658886
                                                                • Opcode Fuzzy Hash: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                                                • Instruction Fuzzy Hash: 91217C72E00119ABCF20DFA9DD85AEFBBB8EF45754F05017AE905E7140EA349D04C794
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00155033
                                                                • IsDebuggerPresent.KERNEL32 ref: 001550FF
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00155118
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00155122
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                • String ID:
                                                                • API String ID: 254469556-0
                                                                • Opcode ID: fef6b53d4497aa0fbefe66b9c0912c73e97abee99b4ee75f326d4d8a7ea5da99
                                                                • Instruction ID: 2c8978603b72dc2f3cb8dce3ee40f17f097023ba6b33add60f8e3e32b7094b6b
                                                                • Opcode Fuzzy Hash: fef6b53d4497aa0fbefe66b9c0912c73e97abee99b4ee75f326d4d8a7ea5da99
                                                                • Instruction Fuzzy Hash: CB31F975D05219DBDB20DFA4DD497CDBBB8BF08305F1041EAE50DAB250EB719A888F45
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 004AC6CB
                                                                • IsDebuggerPresent.KERNEL32 ref: 004AC797
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004AC7B0
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 004AC7BA
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                • String ID:
                                                                • API String ID: 254469556-0
                                                                • Opcode ID: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                                                • Instruction ID: 70dc3419eb2b6db1900c7bd06373213fcab329736da06f39ceabfcfe7a7444e5
                                                                • Opcode Fuzzy Hash: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                                                • Instruction Fuzzy Hash: E1314A75C012189BDF21DF61DC897CEBBB8BF18700F1041AAE40DAB250E7759A84CF48
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: content$filename
                                                                • API String ID: 0-474635906
                                                                • Opcode ID: b66f7423e610c841824d5b72251d930196416b83facb86d1c8f8609f3cb58a8b
                                                                • Instruction ID: d087ffba84baf14db51f89a037efaf3a0efd4671473d6540ebf1f333b1c0f3d3
                                                                • Opcode Fuzzy Hash: b66f7423e610c841824d5b72251d930196416b83facb86d1c8f8609f3cb58a8b
                                                                • Instruction Fuzzy Hash: 5392EEB0C052AC9BDB66DF68D9857DDBBB4AF18308F1441DAE80CA7252EB741B84CF45
                                                                APIs
                                                                • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00435B2A,?,?), ref: 004B8261
                                                                • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000,?,?,00435B2A,?,?), ref: 004B8288
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FormatInfoLocaleMessage
                                                                • String ID: !x-sys-default-locale
                                                                • API String ID: 4235545615-2729719199
                                                                • Opcode ID: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                                                • Instruction ID: 4f66f40a8a4f046c7b0032d4e1a4b833dd41128cf422eed9181fa496fdef01a0
                                                                • Opcode Fuzzy Hash: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                                                • Instruction Fuzzy Hash: 1AF030B5511108FFEF089BD5DC0EEEB77ACEB09394F10416AB501D6150E6B0AE00D778
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5DE1
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5E2B
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5EF1
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InfoLocale$ErrorLast
                                                                • String ID:
                                                                • API String ID: 661929714-0
                                                                • Opcode ID: 4e5522a14392cd0b3bbc4aa0c2beba558a9818cfc0a7be593c71ffc28e535be1
                                                                • Instruction ID: 962ae09c726557bba2a742099c161f9beda31160a96e42ffbc7faebc0f235ca1
                                                                • Opcode Fuzzy Hash: 4e5522a14392cd0b3bbc4aa0c2beba558a9818cfc0a7be593c71ffc28e535be1
                                                                • Instruction Fuzzy Hash: D86190715416079FDB28DF28CE82BABB7A8EF25305F1440BBE905C6285E738DE41CB58
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7a5cc1d22bd71ddba461825bf1e5a719f52907f0f441b03632678b65b188f3f2
                                                                • Instruction ID: 33f7787d24f7b6ada88b2ec4e837cc4b10ca5ac34968b166931d9a07c874724e
                                                                • Opcode Fuzzy Hash: 7a5cc1d22bd71ddba461825bf1e5a719f52907f0f441b03632678b65b188f3f2
                                                                • Instruction Fuzzy Hash: 21B1A170D04249DFDB10CFA4C884BEEBBB5FF89304F20825AD505AB381D778A984CB96
                                                                APIs
                                                                • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,00000001,?), ref: 00440BFA
                                                                • LocalFree.KERNEL32(?,00000000), ref: 00440C8E
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CryptDataFreeLocalUnprotect
                                                                • String ID:
                                                                • API String ID: 1561624719-0
                                                                • Opcode ID: 691253dd090d0692abb79b75d9c07df8674f2c8687ba40f9476d8420fea36caa
                                                                • Instruction ID: f58a043fe36a424058588bce6ee5e9d112fd586f94ce921f9f6943f9dc7e0036
                                                                • Opcode Fuzzy Hash: 691253dd090d0692abb79b75d9c07df8674f2c8687ba40f9476d8420fea36caa
                                                                • Instruction Fuzzy Hash: 68517E70D00249DBEB00CFA9C8457DEFBB4FF14308F14821AE8547B281D7B96A48CBA5
                                                                APIs
                                                                • CryptProtectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A9B8
                                                                • LocalFree.KERNEL32(?,00000000), ref: 0047AA4F
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CryptDataFreeLocalProtect
                                                                • String ID:
                                                                • API String ID: 2714945720-0
                                                                • Opcode ID: 1650d13529f5b5e644ab9d1fc943a2e59ee628ce821009b7a4047a2a1a045cf0
                                                                • Instruction ID: 6fc12887242d51354b1d4be44c56afc8010d77d5c64fcd5971483ececb25fb38
                                                                • Opcode Fuzzy Hash: 1650d13529f5b5e644ab9d1fc943a2e59ee628ce821009b7a4047a2a1a045cf0
                                                                • Instruction Fuzzy Hash: 7351BF70D00249EBEB00CFA5D945BDEFBB4FF54308F10821AE81077281D7B96A58CBA5
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A6034
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast$InfoLocale
                                                                • String ID:
                                                                • API String ID: 3736152602-0
                                                                • Opcode ID: 56b126747d64a408f8cb97836ba55e90b6bea24853320db90e581c5e767a0a51
                                                                • Instruction ID: 4410453ce78f061189afbc458556258a4ff070a6a13362461f6e96f76a4d0aba
                                                                • Opcode Fuzzy Hash: 56b126747d64a408f8cb97836ba55e90b6bea24853320db90e581c5e767a0a51
                                                                • Instruction Fuzzy Hash: A121B232655206ABDF28DF25DC41A7B77ACEF61314B1500BFFA01C6281EB38ED408A58
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • EnumSystemLocalesW.KERNEL32(004A5D8D,00000001,00000000,?,-00000050,?,004A63C1,00000000,?,?,?,00000055,?), ref: 004A5CD9
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                • String ID:
                                                                • API String ID: 2417226690-0
                                                                • Opcode ID: e42620a4cb20c2da49a4224be13f12341b998f391a46648d9ba836fd2d73139f
                                                                • Instruction ID: 1406c895032231e24aa0afc96b0d01b76351fdf719fc880d52765eb770635e76
                                                                • Opcode Fuzzy Hash: e42620a4cb20c2da49a4224be13f12341b998f391a46648d9ba836fd2d73139f
                                                                • Instruction Fuzzy Hash: 1711E537600B015FDB18AF79C9916BABB92FF91368B18842EE94787B40E375A942C744
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004A5FA9,00000000,00000000,?), ref: 004A623B
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast$InfoLocale
                                                                • String ID:
                                                                • API String ID: 3736152602-0
                                                                • Opcode ID: afed30a40adaf0fe2c2ae6d6b95a375c8a19700a8aa4b2d509547a2ce32d92aa
                                                                • Instruction ID: 9487850153f17b5aff8b54b84101990ee62d9d6b8c11e223cf6e38bc87e8a6da
                                                                • Opcode Fuzzy Hash: afed30a40adaf0fe2c2ae6d6b95a375c8a19700a8aa4b2d509547a2ce32d92aa
                                                                • Instruction Fuzzy Hash: 3C01DB33A10112ABDF286A658D06BBB7768DB51754F1A446FEC06A3680DA38ED41C698
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • EnumSystemLocalesW.KERNEL32(004A5FE0,00000001,00000005,?,-00000050,?,004A6389,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 004A5D4C
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                • String ID:
                                                                • API String ID: 2417226690-0
                                                                • Opcode ID: eaaeaeafc5fac60a840ad3651ae3e1ab29e3739c136bdf2006a19ad432905435
                                                                • Instruction ID: c98a1cf7b30e52ba405588815af828edc546cc3ef2e56581ce593e44f0a9addd
                                                                • Opcode Fuzzy Hash: eaaeaeafc5fac60a840ad3651ae3e1ab29e3739c136bdf2006a19ad432905435
                                                                • Instruction Fuzzy Hash: 2AF022362007041FCB246F799885A6A7BA5EB81368F14842EF9054B690C2759C02C658
                                                                APIs
                                                                  • Part of subcall function 0049B2E1: EnterCriticalSection.KERNEL32(-0051B45F,?,004A6D40,00000000,005137C8,0000000C,004A6D08,0043FE48,?,0049C6D7,0043FE48,?,00499445,00000001,00000364,00000001), ref: 0049B2F0
                                                                • EnumSystemLocalesW.KERNEL32(0049C701,00000001,00513580,0000000C,0049CB55,00000000), ref: 0049C746
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                • String ID:
                                                                • API String ID: 1272433827-0
                                                                • Opcode ID: 69dda01542ccd3eab63414d956f3fcf1c5f44d3c23f22103bfe59f95768ac423
                                                                • Instruction ID: a78643f9f3df08ccc8addbe33751412e33acbb4152fc9e9c363d2dc9b4240f3c
                                                                • Opcode Fuzzy Hash: 69dda01542ccd3eab63414d956f3fcf1c5f44d3c23f22103bfe59f95768ac423
                                                                • Instruction Fuzzy Hash: A0F04972A40205EFEB00DFA9E882B9C7BF0FB55725F10816BF415EB2A0D77959049F44
                                                                APIs
                                                                • BCryptCloseAlgorithmProvider.BCRYPT(?,00000000,8762CD73,?,?,?,004CB69D,000000FF), ref: 0047AE4A
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AlgorithmCloseCryptProvider
                                                                • String ID:
                                                                • API String ID: 3378198380-0
                                                                • Opcode ID: ba7b4d00b8746e9ab6913010367bb35a0b16d4da032a75110d36ee2580577608
                                                                • Instruction ID: 7a92f9e53ad6301b38de286dc83f6de03fbb372fed7888f050c821ed69dc0e63
                                                                • Opcode Fuzzy Hash: ba7b4d00b8746e9ab6913010367bb35a0b16d4da032a75110d36ee2580577608
                                                                • Instruction Fuzzy Hash: B1F06D71A44618ABD720CF58DC05B9AB7F8EB04B20F10476FE821A37C0D779A9008B94
                                                                APIs
                                                                  • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                  • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                • EnumSystemLocalesW.KERNEL32(004A5B75,00000001,00000005,?,?,004A63E3,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 004A5C53
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                • String ID:
                                                                • API String ID: 2417226690-0
                                                                • Opcode ID: f5bcbf328ab98889824a8f4a2aca38cb232a0aaea5e92dc81316268b5f07e0b0
                                                                • Instruction ID: 8029f739405c8b6d15305cd3561d0adeac93de3ed34cfe121213407b3ae16d1c
                                                                • Opcode Fuzzy Hash: f5bcbf328ab98889824a8f4a2aca38cb232a0aaea5e92dc81316268b5f07e0b0
                                                                • Instruction Fuzzy Hash: B1F05C3630030557CB049F35D84576A7F54EFD2724F06005EEA058B690C6769842C754
                                                                APIs
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0049A8AF,?,20001004,00000000,00000002,?,?,00499EA1), ref: 0049CCE4
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID:
                                                                • API String ID: 2299586839-0
                                                                • Opcode ID: f7abdc218717ea54d8d13a8a84f23afce84eed1fa1e88fe8fac7f9052fbf838e
                                                                • Instruction ID: eb41334156ced680ef33706ab3692b9e9ee117c5b5a07fe61c85a323d836a744
                                                                • Opcode Fuzzy Hash: f7abdc218717ea54d8d13a8a84f23afce84eed1fa1e88fe8fac7f9052fbf838e
                                                                • Instruction Fuzzy Hash: BDE04F35501228BBCF122F61DC04EAE7F16EF84761F004036FC0A66261CB368D21AAD9
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8762CD73,?,?), ref: 00477B54
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00477BB9
                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 00477BE0
                                                                • OpenProcess.KERNEL32(00000400,00000000,?), ref: 00477BFD
                                                                • OpenProcessToken.ADVAPI32(00000000,0000000E,?), ref: 00477C2A
                                                                • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00477C4D
                                                                • GetLastError.KERNEL32 ref: 00477C5B
                                                                • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00477C9C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00477CA7
                                                                • CloseHandle.KERNEL32(?), ref: 00477CAF
                                                                • CloseHandle.KERNEL32(?), ref: 00477E29
                                                                • Process32NextW.KERNEL32(?,0000022C), ref: 00477E39
                                                                • CloseHandle.KERNEL32(?), ref: 00477E62
                                                                • CloseHandle.KERNEL32(00000000), ref: 00477E65
                                                                • CloseHandle.KERNEL32(00000000), ref: 00477E84
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$CreateErrorFirstLastSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 1236848392-0
                                                                • Opcode ID: 8196f859269c8a2d89c48d56fc566d1cdbd904d5535603d3da99df98a23cf43e
                                                                • Instruction ID: 454ab3ae29a80d327a78c61064fadb2005c2365cc5293efb4604dbbba27fe465
                                                                • Opcode Fuzzy Hash: 8196f859269c8a2d89c48d56fc566d1cdbd904d5535603d3da99df98a23cf43e
                                                                • Instruction Fuzzy Hash: F6A15B709052189FDF219F24DC89BAEBBB8EF44700F5441EAE90CA2250EB359E84DF59
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0044E070
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0044E092
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E0BA
                                                                • std::_Facet_Register.LIBCPMT ref: 0044E1D0
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E1FA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                • String ID: cC$`aC$p]C
                                                                • API String ID: 459529453-2177106863
                                                                • Opcode ID: 3b4551e079cc5b39d29d7e7bdd64fe49162edcc9952f3099eaf8dfb465f0d5d9
                                                                • Instruction ID: 1ff138599dd9b712ad814e44402e9ca08be03e0a2a2e3ebe43d51928b08ed38c
                                                                • Opcode Fuzzy Hash: 3b4551e079cc5b39d29d7e7bdd64fe49162edcc9952f3099eaf8dfb465f0d5d9
                                                                • Instruction Fuzzy Hash: 99518BB0D00259DBEB10CF99C8457AEBBB4FB18314F24815ED811AB381DB79AA44CBA5
                                                                APIs
                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,004AA85F), ref: 004AAF0C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DecodePointer
                                                                • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                • API String ID: 3527080286-3064271455
                                                                • Opcode ID: 74ba9069d7c1eb0fdfb04e1fac74ca4f81e2e7f03cc06b4bb9d653b05ebe1574
                                                                • Instruction ID: 58aec3622616389bffb488f30e5ac45d5b57ecd31d6a71103e59991c775c814d
                                                                • Opcode Fuzzy Hash: 74ba9069d7c1eb0fdfb04e1fac74ca4f81e2e7f03cc06b4bb9d653b05ebe1574
                                                                • Instruction Fuzzy Hash: BE516C7090860ACFCF148F58D9481AFBFB0FB66300F558187E4A1A6355C7BD8966CB9A
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0045228D
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004522AF
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004522D7
                                                                • __Getcoll.LIBCPMT ref: 0045239F
                                                                • std::_Facet_Register.LIBCPMT ref: 004523EB
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00452415
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                • String ID: `aC$p]C
                                                                • API String ID: 1184649410-1363152631
                                                                • Opcode ID: ee0d8e80db7bf3ce5345385ae9befd7b19c844c70984252df4be432834496699
                                                                • Instruction ID: 568a7e1164ae6cef3cf0599e82aad122ccc02b6897634e5ab4797aad8f19cd87
                                                                • Opcode Fuzzy Hash: ee0d8e80db7bf3ce5345385ae9befd7b19c844c70984252df4be432834496699
                                                                • Instruction Fuzzy Hash: 49518B70800208DFDB01DF95C9457DEBBB4FF55318F24815ED805AB282DBB9AE49CBA9
                                                                APIs
                                                                • type_info::operator==.LIBVCRUNTIME ref: 004AFF6B
                                                                • ___TypeMatch.LIBVCRUNTIME ref: 004B0079
                                                                • CallUnexpected.LIBVCRUNTIME ref: 004B01E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                • String ID: <fM$csm$csm$csm
                                                                • API String ID: 1206542248-3599101812
                                                                • Opcode ID: aaac5c7749a7aa866996bcb2d51d73d9b1fe5293335fd4c63eebf0a3ecf9d180
                                                                • Instruction ID: 5ce913a956d0af8773c3ee17d9b542f15401108c10c26080aa375b564815456b
                                                                • Opcode Fuzzy Hash: aaac5c7749a7aa866996bcb2d51d73d9b1fe5293335fd4c63eebf0a3ecf9d180
                                                                • Instruction Fuzzy Hash: DBB19B71800209EFCF18DFA5C8809EFB7B5FF25315B10816BE8056B212D779DA15CBA9
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0047D113
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0047D118
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0047D11D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Concurrency::cancel_current_task
                                                                • String ID: `aC$false$p]C$true
                                                                • API String ID: 118556049-4224333681
                                                                • Opcode ID: fc25f6a8858bdc90a7f78ad0cc94d282a8ef03db695885ce467b4123cd5932c9
                                                                • Instruction ID: 10a02a47a4876ff195f080d04569540bf2a908c30d6efafbe52ebceab6b25fd0
                                                                • Opcode Fuzzy Hash: fc25f6a8858bdc90a7f78ad0cc94d282a8ef03db695885ce467b4123cd5932c9
                                                                • Instruction Fuzzy Hash: 73510871910745DBDB20DF65C801B9EBBF4EF04718F20862FE815A7781E7BAAA04CB95
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0047C6FD
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0047C71F
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C747
                                                                • std::_Facet_Register.LIBCPMT ref: 0047C834
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C85E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                • String ID: `aC$p]C
                                                                • API String ID: 459529453-1363152631
                                                                • Opcode ID: 026aa07ec564b50549d32f646a8dd61011c7ae9d801dbb7833802f677d234be8
                                                                • Instruction ID: 399bbb442a0c6c40ac274560e971594f6ebfe9651e6100c107b7a0aaef0602e2
                                                                • Opcode Fuzzy Hash: 026aa07ec564b50549d32f646a8dd61011c7ae9d801dbb7833802f677d234be8
                                                                • Instruction Fuzzy Hash: 2C517A71900249DFDB15CF99C580BEEBBB4EB15318F24805ED409AB381DB79AE09CF95
                                                                APIs
                                                                • InternetOpenW.WININET(File Downloader,00000001,00000000,00000000,00000000), ref: 0047D22D
                                                                • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 0047D256
                                                                • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D27C
                                                                • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D2B2
                                                                • InternetCloseHandle.WININET(00000000), ref: 0047D2B9
                                                                • InternetCloseHandle.WININET(?), ref: 0047D2C5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Internet$CloseFileHandleOpenRead
                                                                • String ID: File Downloader
                                                                • API String ID: 4038090926-3631955488
                                                                • Opcode ID: 811208fdf33a36e9be3e42b468326af56e319a1deb0617af28b90d4cff8a8570
                                                                • Instruction ID: 638e9360adee8abd238f5bb9f06079602c51a7af3a4d5d450420b7b82b1eb562
                                                                • Opcode Fuzzy Hash: 811208fdf33a36e9be3e42b468326af56e319a1deb0617af28b90d4cff8a8570
                                                                • Instruction Fuzzy Hash: 5B318370A01655ABD730CF55CC45BEAB7B8EF44700F1041AAF549E7290DBB8AE84DFA8
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: __freea$__alloca_probe_16$Info
                                                                • String ID:
                                                                • API String ID: 127012223-0
                                                                • Opcode ID: 63ece9fc45d746690a6ba1273d6e9bd7336da885c49c0640a4feac5ff5a9fe03
                                                                • Instruction ID: a647d088bb42f3b931acc8a0c3a0ecd21a67c34ef3d9d756550cf09658b59eb5
                                                                • Opcode Fuzzy Hash: 63ece9fc45d746690a6ba1273d6e9bd7336da885c49c0640a4feac5ff5a9fe03
                                                                • Instruction Fuzzy Hash: B771D372904206EBDF209E64CC92FAE77A99F45316F29002DFD35AF281E7359C4A8791
                                                                APIs
                                                                • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 004B9E24
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B9EB0
                                                                • __alloca_probe_16.LIBCMT ref: 004B9EDA
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B9F1B
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B9F37
                                                                • __alloca_probe_16.LIBCMT ref: 004B9F5D
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B9F9A
                                                                • CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 004B9FB7
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                • String ID:
                                                                • API String ID: 3603178046-0
                                                                • Opcode ID: 3ce074e6bcc7f87e0e4de1f7dc2ca851322fbe0f14b3b5897e042b4e817243f3
                                                                • Instruction ID: 05f54580d30f9e3720c8b3961695daa3f0f937b9c5610d8c2bd80885558d9d7b
                                                                • Opcode Fuzzy Hash: 3ce074e6bcc7f87e0e4de1f7dc2ca851322fbe0f14b3b5897e042b4e817243f3
                                                                • Instruction Fuzzy Hash: 7871AE3290021AABDF219F65CC85BFF7BB9AF05724F18405BEA04E6291D7398C40C7B9
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 004B9B40
                                                                • __alloca_probe_16.LIBCMT ref: 004B9B6C
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 004B9BAB
                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B9BC8
                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004B9C07
                                                                • __alloca_probe_16.LIBCMT ref: 004B9C24
                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B9C66
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004B9C89
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                • String ID:
                                                                • API String ID: 2040435927-0
                                                                • Opcode ID: 127654da753590042b08ac6595405d01716cfec311436dda6d72091204f46cc9
                                                                • Instruction ID: 0cb7a2a667138b596a59e049b57baa22d652deda395932da07ab0cb8239329c9
                                                                • Opcode Fuzzy Hash: 127654da753590042b08ac6595405d01716cfec311436dda6d72091204f46cc9
                                                                • Instruction Fuzzy Hash: A151BF7250020AABEF219F65CC44FEB7FB9EF50740F24412AFA05A6260D7399C11CB68
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(?,?), ref: 00489F4B
                                                                • GetProcessId.KERNEL32(00000000), ref: 00489F52
                                                                • RmStartSession.RSTRTMGR(?,00000041,?), ref: 00489F76
                                                                • RmRegisterResources.RSTRTMGR(?,00000001,?,00000000,00000000,00000000,00000000), ref: 00489F91
                                                                • RmGetList.RSTRTMGR(?,?,?,00000003,?), ref: 00489FD4
                                                                • RmGetList.RSTRTMGR(?,?,?,00000000,?), ref: 0048A020
                                                                • RmEndSession.RSTRTMGR(?), ref: 0048A04A
                                                                • RmEndSession.RSTRTMGR(?), ref: 0048A07A
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                • String ID:
                                                                • API String ID: 3299295986-0
                                                                • Opcode ID: c8fc720c6df2cefa911e5ab8bfb66f499295b1f9aa4f52cb019436ebaefd8700
                                                                • Instruction ID: 0c548674b0cea8079c7009f79d794e669f8d4684f59b10cf2f6688a8c9d6d6ed
                                                                • Opcode Fuzzy Hash: c8fc720c6df2cefa911e5ab8bfb66f499295b1f9aa4f52cb019436ebaefd8700
                                                                • Instruction Fuzzy Hash: A7417971E011589BEF10AFE4DC44AEEBBBCEB45300F14412BE902EB254EB7A9C058B95
                                                                APIs
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00473D56
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00473D73
                                                                  • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,8762CD73), ref: 004AFA6C
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00473FC0
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00473FDD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___std_exception_destroy$ExceptionRaise
                                                                • String ID: MC$value
                                                                • API String ID: 299339551-3840657116
                                                                • Opcode ID: fad894e6791b73173a90b46eb5f7d570fcfb30b2d17f717ef1dd9171332bf87e
                                                                • Instruction ID: 838f8dd16b3ea7f4eeb45613560c02c2ef3b01355b1a5592379bf0a45a67ceab
                                                                • Opcode Fuzzy Hash: fad894e6791b73173a90b46eb5f7d570fcfb30b2d17f717ef1dd9171332bf87e
                                                                • Instruction Fuzzy Hash: 31F15A70C05298DEEB20DB65C954BDEFBB4AF19304F1482DAD44963282E7746B88CF96
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 00155CB7
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00155CBF
                                                                • _ValidateLocalCookies.LIBCMT ref: 00155D48
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00155D73
                                                                • _ValidateLocalCookies.LIBCMT ref: 00155DC8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 1170836740-1018135373
                                                                • Opcode ID: 11d728f961d2228de6224caa0d7e390a794cbde9e0e42c374779170c1a64b99a
                                                                • Instruction ID: c52cfdc71f1310df33c4aa1bf189bc8501025859cac4ead94dcfb8e4be1826be
                                                                • Opcode Fuzzy Hash: 11d728f961d2228de6224caa0d7e390a794cbde9e0e42c374779170c1a64b99a
                                                                • Instruction Fuzzy Hash: 6741E535A00618EBCF10DFA8CC98A9EBBF6EF44325F148055EC246F392D771A959CB91
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 004AD637
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 004AD63F
                                                                • _ValidateLocalCookies.LIBCMT ref: 004AD6C8
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 004AD6F3
                                                                • _ValidateLocalCookies.LIBCMT ref: 004AD748
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 1170836740-1018135373
                                                                • Opcode ID: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                                                • Instruction ID: fca86a332ffc7d642b39a5fdc798139505592cae81a3a9a41e25a428a24f43dc
                                                                • Opcode Fuzzy Hash: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                                                • Instruction Fuzzy Hash: 2741D834E002089BCF10DF69C880A9E7BB5BF66318F14815BE81A5B752D739EA01CF95
                                                                APIs
                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,001595DD,00152442,?,00000000,?), ref: 0015958F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: FreeLibrary
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3664257935-537541572
                                                                • Opcode ID: 7affb6c59a394bdbbf6f5f3616ab0a2aa38e90e5278069716d4f614a12a0c980
                                                                • Instruction ID: acd7f4008ea39d60b9136434c343c7033cda25d9e0e72691c37dd796aa33edfe
                                                                • Opcode Fuzzy Hash: 7affb6c59a394bdbbf6f5f3616ab0a2aa38e90e5278069716d4f614a12a0c980
                                                                • Instruction Fuzzy Hash: DF213D71A11211E7CB228724EC40A5A37689B557A2F150112FD26EF2D0FB70EE59C6D1
                                                                APIs
                                                                • FreeLibrary.KERNEL32(00000000,?,0049CA09,0043FE48,00434C2F,00000000,00000001,0043FE4A,?,0049CC33,00000022,FlsSetValue,004D294C,FlsSetValue,00000001), ref: 0049C9BB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLibrary
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3664257935-537541572
                                                                • Opcode ID: 7c1f6f25a6eeb0dcc1b48f853c441653626ec7c6eb0710202be6e4b6adacda37
                                                                • Instruction ID: 9ca0f964f7470424b5d3057a4191f763ac6aa624da693043a33dcdca32e519f2
                                                                • Opcode Fuzzy Hash: 7c1f6f25a6eeb0dcc1b48f853c441653626ec7c6eb0710202be6e4b6adacda37
                                                                • Instruction Fuzzy Hash: A621E7B2A01211ABDF219B25ECC0B5F3B69AB527A4F250237E905A7390D738ED01C6DD
                                                                APIs
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                                                  • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,8762CD73), ref: 004AFA6C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                • String ID: (>Q$0hC$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                • API String ID: 1903096808-798308736
                                                                • Opcode ID: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                                                • Instruction ID: 0e9c3b5a5aba75944b05d252eccadd5948fd44e578ec9c0118fa22ff265feac2
                                                                • Opcode Fuzzy Hash: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                                                • Instruction Fuzzy Hash: 4E1122B29046487BD710DB59DC02FAA7398EB09754F04862FFD58872C1EB3DA90487AA
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 001548A5
                                                                • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 001548B3
                                                                • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 001548C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule
                                                                • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                • API String ID: 667068680-1047828073
                                                                • Opcode ID: c054290cf9f879d82b62dcf5daa1332ea5d29f3d350cc431fc2c0270bf83b218
                                                                • Instruction ID: 8bc92b233fca3da3cd9febb653260e86c75851f549ae4c472f1427250c59023c
                                                                • Opcode Fuzzy Hash: c054290cf9f879d82b62dcf5daa1332ea5d29f3d350cc431fc2c0270bf83b218
                                                                • Instruction Fuzzy Hash: A1D0A732687A20EFC3109F787C0D84B3FA5EB043413010611F401D2651DFF404D4CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                                                • Instruction ID: c45b587b2b6024bbc8d631f61cfde13028adc071dc65d72902c8bf59655bd6a7
                                                                • Opcode Fuzzy Hash: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                                                • Instruction Fuzzy Hash: 64B13572D00255AFDF11DF64CC81BAA7FA5EF55310F1441BBE454AB382D2789D01C7A9
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: __freea$__alloca_probe_16
                                                                • String ID: a/p$am/pm
                                                                • API String ID: 3509577899-3206640213
                                                                • Opcode ID: 2f1fc7fa59a782c27ac2a0a21d9667bbb23879f6a72bde815bccda8bcba835b0
                                                                • Instruction ID: 1d0f90a389a6ddb01c6eee3cfed114d4cdbff39c5c4e16d1e763b1923b69fac5
                                                                • Opcode Fuzzy Hash: 2f1fc7fa59a782c27ac2a0a21d9667bbb23879f6a72bde815bccda8bcba835b0
                                                                • Instruction Fuzzy Hash: 32C1BF35904212AADB298F6CCA947BB77B0FF2B300F14405BE905AB750D3BD9D42EB59
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0047CCD6
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0047CCF9
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0047CD21
                                                                • std::_Facet_Register.LIBCPMT ref: 0047CD9A
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0047CDC4
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0047CDE7
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                • String ID:
                                                                • API String ID: 2081738530-0
                                                                • Opcode ID: 28da64327ea27554a00a06c9e40525b24cdd21d51c36f3309ffdeb549bf855e5
                                                                • Instruction ID: 5e0d328f53af4ec2248f8036dfe48c657d56e4526373956cc4eb9e978e4c29ea
                                                                • Opcode Fuzzy Hash: 28da64327ea27554a00a06c9e40525b24cdd21d51c36f3309ffdeb549bf855e5
                                                                • Instruction Fuzzy Hash: FE419A71800219CFCB21CF98C980BEFBBB4EB15714F14856ED80A67381D738AE04CBA5
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00157F40,00155A6B,00155180), ref: 00157F57
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00157F65
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00157F7E
                                                                • SetLastError.KERNEL32(00000000,00157F40,00155A6B,00155180), ref: 00157FD0
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                • Opcode ID: 3d4ac19216367687ec5530f4b2f6058929f61a36dedb694f37e3512466729db5
                                                                • Instruction ID: cac63bb495994d82ad5034a0257f0075d9d8a00615ba86fc3bbe57a0a3e3d361
                                                                • Opcode Fuzzy Hash: 3d4ac19216367687ec5530f4b2f6058929f61a36dedb694f37e3512466729db5
                                                                • Instruction Fuzzy Hash: 1D01B17210C612EEA62567B5BC8682637A8DF5577B721022AFC305D4F1EF924C4E9650
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,004AFAD5,004AF923,004AC85A), ref: 004AFAEC
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004AFAFA
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004AFB13
                                                                • SetLastError.KERNEL32(00000000,004AFAD5,004AF923,004AC85A), ref: 004AFB65
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                • Opcode ID: 0a9cead03a1cbea0f2d00e28f649f33043dad87cbbba68afa2d7a2a72df1b0e0
                                                                • Instruction ID: 5c97271c99781371f32c50c56a2d0a191a69233ae1c55058bab721689d3f3b0d
                                                                • Opcode Fuzzy Hash: 0a9cead03a1cbea0f2d00e28f649f33043dad87cbbba68afa2d7a2a72df1b0e0
                                                                • Instruction Fuzzy Hash: 9001F9321093119E9A2417F5AC559972A65EB23379B24463FF514951E0FB1A5C0CA16C
                                                                APIs
                                                                • DeleteObject.GDI32(?), ref: 00480B31
                                                                • EnterCriticalSection.KERNEL32(00000004,8762CD73,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B42
                                                                • EnterCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B4F
                                                                • GdiplusShutdown.GDIPLUS(00000000,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B5C
                                                                • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B69
                                                                • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B70
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                • String ID:
                                                                • API String ID: 4268643673-0
                                                                • Opcode ID: ab380d08308f5f7294dc0c8834127c13781bff22419dd726a23e31aeb0b35f9a
                                                                • Instruction ID: a49544f5ea7446c9cfb95f09875386710a40740b290a3353e41ff902735902d1
                                                                • Opcode Fuzzy Hash: ab380d08308f5f7294dc0c8834127c13781bff22419dd726a23e31aeb0b35f9a
                                                                • Instruction Fuzzy Hash: 8B117FB15002009FD3209F58D848B1A7BF8FF05728F20475EE4258B2D1C77AD806CB94
                                                                APIs
                                                                • type_info::operator==.LIBVCRUNTIME ref: 001588F8
                                                                • CallUnexpected.LIBVCRUNTIME ref: 00158B71
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: CallUnexpectedtype_info::operator==
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 2673424686-393685449
                                                                • Opcode ID: 55c7ccc12e4f8d3a8c569a6d029a210d590a54ae719e9fec6d9e4a32adfe35fd
                                                                • Instruction ID: f7172af49ba3286e5c35d3b05d417f5cc6273c67cbaa8130cec910eab93b4e2a
                                                                • Opcode Fuzzy Hash: 55c7ccc12e4f8d3a8c569a6d029a210d590a54ae719e9fec6d9e4a32adfe35fd
                                                                • Instruction Fuzzy Hash: F0B17971800209EFCF18EFA4C8819AEB7B5FF54316B14415AEC217F252DB31DA5ACB91
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32(8762CD73), ref: 0048A4E4
                                                                • FreeEnvironmentStringsW.KERNEL32(?), ref: 0048A685
                                                                • RtlInitUnicodeString.NTDLL(?), ref: 0048A6D9
                                                                • RtlInitUnicodeString.NTDLL(?,00000000), ref: 0048A6E4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                • String ID: 0Qv
                                                                • API String ID: 2488768755-416853194
                                                                • Opcode ID: 0d066fd5a037e956643cd3d92a9a96980abf0cb91633621b3d58d647d7d5a7ef
                                                                • Instruction ID: 1a99e4392def1b605416f46e3147960cb17592dd8275db88d5f878599104deaf
                                                                • Opcode Fuzzy Hash: 0d066fd5a037e956643cd3d92a9a96980abf0cb91633621b3d58d647d7d5a7ef
                                                                • Instruction Fuzzy Hash: 6471AAB1C10219EBDB00DF98C884B9EFBF8FF18304F14461BE815A3250E7B8A995CB95
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00161B77,000000FF,?,00156B21,?,?,00156BBD,00000000), ref: 00156A95
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00156AA7
                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00161B77,000000FF,?,00156B21,?,?,00156BBD,00000000), ref: 00156AC9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: 08d8cffead9dd2b7b754acad2ebe4fbe1db868d62e4142b3893f73fe679b3afb
                                                                • Instruction ID: 01634860fd176a5e4cffee62445cb874c9b275ef2a15f170a091ccf048df1644
                                                                • Opcode Fuzzy Hash: 08d8cffead9dd2b7b754acad2ebe4fbe1db868d62e4142b3893f73fe679b3afb
                                                                • Instruction Fuzzy Hash: A701AD31944619FFDB118F44CC09FAEBBB8FB04B55F484625FC22A36E0DBB49848CA80
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8762CD73,00000001,?,00000000,004CEBA0,000000FF,?,004A28BD,?,?,004A2891,00000016), ref: 004A2958
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004A296A
                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,004CEBA0,000000FF,?,004A28BD,?,?,004A2891,00000016), ref: 004A298C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: bb5db20903b210e56e17606efd33f47167f5dac7559f5cad6f576f47fa7b3a02
                                                                • Instruction ID: 4a39d6f0df0723e62e133a2fe4a12dc63d6bfdc81165c834358a2709fa0273f6
                                                                • Opcode Fuzzy Hash: bb5db20903b210e56e17606efd33f47167f5dac7559f5cad6f576f47fa7b3a02
                                                                • Instruction Fuzzy Hash: DA01A271A10625AFCB118F54DC05FAFBBBCFB04B10F044627E812A2790DBB89900DA98
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,8762CD73,?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3), ref: 004B82C9
                                                                • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004B82D5
                                                                • GetTempPathW.KERNEL32(?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3,?,00000105,?), ref: 004B82F5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressHandleModulePathProcTemp
                                                                • String ID: GetTempPath2W$kernel32.dll
                                                                • API String ID: 775647363-1846531799
                                                                • Opcode ID: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                                                • Instruction ID: 490c9918516094a75be01d3e1b1e27de5ce3fa518d230e70400d3a931493a6c9
                                                                • Opcode Fuzzy Hash: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                                                • Instruction Fuzzy Hash: C2F03A36A44654EFCB159F54EC05F9A7BA8FB09B60F008127EC16937A0DB79A800CB98
                                                                APIs
                                                                • __alloca_probe_16.LIBCMT ref: 0015D5AA
                                                                • __alloca_probe_16.LIBCMT ref: 0015D673
                                                                • __freea.LIBCMT ref: 0015D6DA
                                                                  • Part of subcall function 0015B3B5: HeapAlloc.KERNEL32(00000000,?,00000000,?,00153C34,?,?,00152442,00001000,?,001523AA), ref: 0015B3E7
                                                                • __freea.LIBCMT ref: 0015D6ED
                                                                • __freea.LIBCMT ref: 0015D6FA
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                • String ID:
                                                                • API String ID: 1096550386-0
                                                                • Opcode ID: 098934ae3815b837f132febfede49b7916f70a859365aa9658ac7bb42ed1c2dc
                                                                • Instruction ID: 7af75b38530b62b3acfcce6219ac3fc428279bf55bdd3c92306fe759e24bd10b
                                                                • Opcode Fuzzy Hash: 098934ae3815b837f132febfede49b7916f70a859365aa9658ac7bb42ed1c2dc
                                                                • Instruction Fuzzy Hash: 1051BF72600246EFEB359F64EC81DAB3AA9EB54716B1A0029FC38DE141EB71CC19C761
                                                                APIs
                                                                • __alloca_probe_16.LIBCMT ref: 0049AF39
                                                                • __alloca_probe_16.LIBCMT ref: 0049B002
                                                                • __freea.LIBCMT ref: 0049B069
                                                                  • Part of subcall function 0049D15A: RtlAllocateHeap.NTDLL(00000000,00000001,0043FE44,?,004AD408,0043FE4A,0043FE44,?,?,?,00434C2F,0043FE48,0043FE48), ref: 0049D18C
                                                                • __freea.LIBCMT ref: 0049B07C
                                                                • __freea.LIBCMT ref: 0049B089
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1423051803-0
                                                                • Opcode ID: eacd31da778fb37b7442589558929131525861ec069ee9dc50b1fd4580814607
                                                                • Instruction ID: c461f83b43c969d084823d86eb7d78e4c690f12dee5ba4d22df99f96e1ee22eb
                                                                • Opcode Fuzzy Hash: eacd31da778fb37b7442589558929131525861ec069ee9dc50b1fd4580814607
                                                                • Instruction Fuzzy Hash: 4C510072600206AFEF209F65AD81EBB7EA9EF84314F15013EFC54D6241EB39DC5086E8
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: CloseFileHandleSize
                                                                • String ID:
                                                                • API String ID: 3849164406-0
                                                                • Opcode ID: f7e7d1c7febc28ae0117fa80e1e9ec53522b4cfb9b5be72e2d9f7f13c097d2e4
                                                                • Instruction ID: 22b242a1e22839720b0eaf758c1ac9a999af9b4dfa29b11b4b7790ffa4b11c61
                                                                • Opcode Fuzzy Hash: f7e7d1c7febc28ae0117fa80e1e9ec53522b4cfb9b5be72e2d9f7f13c097d2e4
                                                                • Instruction Fuzzy Hash: 0281F1B4D09248EFCB05DFA8D584BAEBBF0BF09305F104929E865AB381D7749948CF56
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 0015470A
                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00161B20,000000FF,?,00153552), ref: 00154729
                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00161B20,000000FF,?,00153552), ref: 00154757
                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00161B20,000000FF,?,00153552), ref: 001547B2
                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00161B20,000000FF,?,00153552), ref: 001547C9
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: AcquireExclusiveLock$CurrentThread
                                                                • String ID:
                                                                • API String ID: 66001078-0
                                                                • Opcode ID: c69b0716a9abcc696bdbaf773f5ea7414bfaa7e800b94b8449efee08bfdbf9a4
                                                                • Instruction ID: 970a6d57be234db18dedadf8c6886de895a46e81c70568fe3baf5834551fe974
                                                                • Opcode Fuzzy Hash: c69b0716a9abcc696bdbaf773f5ea7414bfaa7e800b94b8449efee08bfdbf9a4
                                                                • Instruction Fuzzy Hash: 7A414D35900646DFCB24DFA5C8819AAB3F5FF0A31AB10492AD876DBA40D730F9C8CB50
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 004B925F
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004B926A
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004B92D8
                                                                  • Part of subcall function 004B93BB: std::locale::_Locimp::_Locimp.LIBCPMT ref: 004B93D3
                                                                • std::locale::_Setgloballocale.LIBCPMT ref: 004B9285
                                                                • _Yarn.LIBCPMT ref: 004B929B
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                • String ID:
                                                                • API String ID: 1088826258-0
                                                                • Opcode ID: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                                                • Instruction ID: d57bef6452a6d9f87b7c1f6c81a415e25ff1084f0ba862d3ffc406506ccaed08
                                                                • Opcode Fuzzy Hash: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                                                • Instruction Fuzzy Hash: 2101BC75A002149BDB09EF21E881ABE3BA5BF95714B18400EE90157381CF78AE42DBE9
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0015D29C,00000000,?,0016B728,?,?,?,0015D1D3,00000004,InitializeCriticalSectionEx,00163740,00163748), ref: 0015D20D
                                                                • GetLastError.KERNEL32(?,0015D29C,00000000,?,0016B728,?,?,?,0015D1D3,00000004,InitializeCriticalSectionEx,00163740,00163748,00000000,?,00158E2C), ref: 0015D217
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0015D23F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID: api-ms-
                                                                • API String ID: 3177248105-2084034818
                                                                • Opcode ID: dc9c63275c9cc81072b38e553692661cad6a234b85cae9f0b01937466068bd97
                                                                • Instruction ID: 0740963549d63a84086d67044fd1b057db9f0b9ed016614e024f0cccf654ce5b
                                                                • Opcode Fuzzy Hash: dc9c63275c9cc81072b38e553692661cad6a234b85cae9f0b01937466068bd97
                                                                • Instruction Fuzzy Hash: D3E01A70684208F6EF211B60EC06B683B649B50B52F144420FD1CEC4E1DBB1E9989684
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,004B0ADF,00000000,?,0051BBA8,?,?,?,004B0C82,00000004,InitializeCriticalSectionEx,004D70E4,004D70EC), ref: 004B0B3B
                                                                • GetLastError.KERNEL32(?,004B0ADF,00000000,?,0051BBA8,?,?,?,004B0C82,00000004,InitializeCriticalSectionEx,004D70E4,004D70EC,00000000,?,004B0A39), ref: 004B0B45
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 004B0B6D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID: api-ms-
                                                                • API String ID: 3177248105-2084034818
                                                                • Opcode ID: e73f2d59ed71ffe050e3980c02a90d09a2b8a6f7f1eeff266cde429a2dd4b4c8
                                                                • Instruction ID: d85af749d3a2776d246a861fdd0c76bc3b777c55ee5f54f02c25fa514b149693
                                                                • Opcode Fuzzy Hash: e73f2d59ed71ffe050e3980c02a90d09a2b8a6f7f1eeff266cde429a2dd4b4c8
                                                                • Instruction Fuzzy Hash: 25E04F30284305B7EF221BA1EC0AF5E3B55AB11B49F144032F90CA91E1EBA6A910859C
                                                                APIs
                                                                • RegOpenKeyExA.ADVAPI32(80000001,0051C570,00000000,00020019,00000000,?,?,?,8762CD73,?,0051C2A0), ref: 0047F4D0
                                                                • RegQueryValueExA.ADVAPI32(00000000,0051C2A0,00000000,000F003F,?,00000400,?,?,?,8762CD73,?,0051C2A0), ref: 0047F506
                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,8762CD73,?,0051C2A0), ref: 0047F5A4
                                                                • SysFreeString.OLEAUT32 ref: 0047FA14
                                                                  • Part of subcall function 0047A610: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                                                  • Part of subcall function 0047A610: LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                                                  • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8762CD73,0051C570,0051C2A0), ref: 00487182
                                                                  • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeOpenQueryValue$CloseCryptDataLocalStringUnprotect
                                                                • String ID:
                                                                • API String ID: 2380017125-0
                                                                • Opcode ID: a521d0abf644b9380dcd8d70f5715900671aedad0facd1908bb1e921974b8b3c
                                                                • Instruction ID: 56cbdaf4eb2024de0fd4bd59dbcd72090a4e5b75bdf23aa4f75e7a392944198d
                                                                • Opcode Fuzzy Hash: a521d0abf644b9380dcd8d70f5715900671aedad0facd1908bb1e921974b8b3c
                                                                • Instruction Fuzzy Hash: 24122BF0E002689BDB24DF24CC5479DB7B5AF44318F1086EAD64DA7282DB346E88CF59
                                                                APIs
                                                                • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 0015DD0B
                                                                  • Part of subcall function 0015C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0015D6D0,?,00000000,-00000008), ref: 0015C902
                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0015DF5D
                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0015DFA3
                                                                • GetLastError.KERNEL32 ref: 0015E046
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                 • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                • String ID:
                                                                • API String ID: 2112829910-0
                                                                • Opcode ID: d62c6526541fd29d35b03c21f051e52b99409ac6ff56e52bc3a704813ed405ae
                                                                • Instruction ID: 6b2e71619e016b156cb4e55558663dd5c09fdfdaf76330941888eeefdcf6ee2c
                                                                • Opcode Fuzzy Hash: d62c6526541fd29d35b03c21f051e52b99409ac6ff56e52bc3a704813ed405ae
                                                                • Instruction Fuzzy Hash: 84D17D75E04248DFCB19CFA8D8809ADBBF5FF08315F18456AE826EB251D770A94ACB50
                                                                APIs
                                                                • GetConsoleOutputCP.KERNEL32(8762CD73,00000000,00000000,00000000), ref: 0049B4D9
                                                                  • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0049B72B
                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0049B771
                                                                • GetLastError.KERNEL32 ref: 0049B814
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                • String ID:
                                                                • API String ID: 2112829910-0
                                                                • Opcode ID: aef57a059a08420b8d5dfae5096d35553b8056bffb0ce8bb8e63412c3f54050f
                                                                • Instruction ID: 17746d06032e39ca1db24970b21defb679d9c3d722e4804f7fdb3bafa319cb4d
                                                                • Opcode Fuzzy Hash: aef57a059a08420b8d5dfae5096d35553b8056bffb0ce8bb8e63412c3f54050f
                                                                • Instruction Fuzzy Hash: 15D17A75D002489FCF05CFE9E980AEDBBB5EF49314F18816AE425EB351D734A906CB94
                                                                APIs
                                                                  • Part of subcall function 00477B00: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8762CD73,?,?), ref: 00477B54
                                                                  • Part of subcall function 00477B00: Process32FirstW.KERNEL32(00000000,?), ref: 00477BB9
                                                                  • Part of subcall function 00477B00: CloseHandle.KERNEL32(00000000), ref: 00477E84
                                                                • ImpersonateLoggedOnUser.ADVAPI32(00000000,8762CD73,?,00000000), ref: 00478391
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseCreateFirstHandleImpersonateLoggedProcess32SnapshotToolhelp32User
                                                                • String ID:
                                                                • API String ID: 1507787261-0
                                                                • Opcode ID: ebec02cd2df44e7bd4fb65aecaaffec3bb885a70c3ad5895e8640ffefb46c4a4
                                                                • Instruction ID: e502c6a69380433c55fd31efa36561dbf437e01bd72b95285a5588c942f2c0dc
                                                                • Opcode Fuzzy Hash: ebec02cd2df44e7bd4fb65aecaaffec3bb885a70c3ad5895e8640ffefb46c4a4
                                                                • Instruction Fuzzy Hash: F5F17070C0428DDEEB15DBA4C8587DDBBB0AF15308F24819ED04977292DB785F88DBA6
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                 • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1740715915-0
                                                                • Opcode ID: 25659cb0bbdcfa813449b34b279a706b99228d64b41cb146f722e3ce88d594e1
                                                                • Instruction ID: d8eb11bf36a50ee99364f4ac6ca9f7ee7fe6f53640dc94bfb7a38abc3045cafe
                                                                • Opcode Fuzzy Hash: 25659cb0bbdcfa813449b34b279a706b99228d64b41cb146f722e3ce88d594e1
                                                                • Instruction Fuzzy Hash: 7051B172A01606DFDB298F54D851BBA77A5EF14312F14452DEC226F291EF31EC48DB90
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1740715915-0
                                                                • Opcode ID: e71c71c21820e5819a4508bd04d803321a7ecaf8570da358721e6539f5a36dac
                                                                • Instruction ID: 33b3d652e50ecda4e79a0ecf225597f03c3ffd3297545ef1ce997a4b46d38663
                                                                • Opcode Fuzzy Hash: e71c71c21820e5819a4508bd04d803321a7ecaf8570da358721e6539f5a36dac
                                                                • Instruction Fuzzy Hash: AF51D0B150020A9FEB269FD1D881BAA77A4FF62718F10003EEC434B291D739E849C798
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 00fa7b59af023eaaf071b224feea6c80f4edf5776798c8ca34953c892f2afd27
                                                                • Instruction ID: 6bad779769d7c9384c33fcc5b288381071ef860472916b423066c301ca7f7ee1
                                                                • Opcode Fuzzy Hash: 00fa7b59af023eaaf071b224feea6c80f4edf5776798c8ca34953c892f2afd27
                                                                • Instruction Fuzzy Hash: D141E675A00704AFDB24AF39CC41B6BBBA9EB99714F20452FF101DB781D77DA9418B88
                                                                APIs
                                                                  • Part of subcall function 0015C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0015D6D0,?,00000000,-00000008), ref: 0015C902
                                                                • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,0015C0CE,?,?,?,00000000), ref: 0015BD8C
                                                                • __dosmaperr.LIBCMT ref: 0015BD93
                                                                • GetLastError.KERNEL32(00000000,0015C0CE,?,?,00000000,?,?,?,00000000,00000000,?,0015C0CE,?,?,?,00000000), ref: 0015BDCD
                                                                • __dosmaperr.LIBCMT ref: 0015BDD4
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                 • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 1913693674-0
                                                                • Opcode ID: bfe3732a88d39b964d2e50d5b10e1958c2e26e8dc2a177a0edbae697ebb76b32
                                                                • Instruction ID: 9347f97cb91ecc8e2d2ee2db85261ec645f27f5f25303bc3bd947c7335166cf6
                                                                • Opcode Fuzzy Hash: bfe3732a88d39b964d2e50d5b10e1958c2e26e8dc2a177a0edbae697ebb76b32
                                                                • Instruction Fuzzy Hash: 61217171608206EFDB20AFA588D196AB7B9EF5436A7108518FC399F150D774EC488B91
                                                                APIs
                                                                  • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                                • GetLastError.KERNEL32 ref: 004BA9A6
                                                                • __dosmaperr.LIBCMT ref: 004BA9AD
                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 004BA9E7
                                                                • __dosmaperr.LIBCMT ref: 004BA9EE
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 1913693674-0
                                                                • Opcode ID: 51edd5c4e5c25a430a3840a704f497c195c233776ddb3170bc40658ab91a4e1f
                                                                • Instruction ID: cdbbd9429668cd5750c88df838a7d8834fbfbf28e86e5927cf8d45539b4e27df
                                                                • Opcode Fuzzy Hash: 51edd5c4e5c25a430a3840a704f497c195c233776ddb3170bc40658ab91a4e1f
                                                                • Instruction Fuzzy Hash: 7A21C871600605AF8F21AF66CC809ABBBADFF44368711492FF91597210D739EC60D7BA
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                 • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f4a714f7af5547b012412c788b16acb2f7c16eb85b02c8a53f2800bc21013f20
                                                                • Instruction ID: f820cfdf30ff0ffd4eb732678d15b3736b6d3b8079be05e677f7bd60c18f824e
                                                                • Opcode Fuzzy Hash: f4a714f7af5547b012412c788b16acb2f7c16eb85b02c8a53f2800bc21013f20
                                                                • Instruction Fuzzy Hash: 1E217971600309EFDB60AFB5CC8186B77A9BF1436A7108A15FD399A650DB31EC488BE1
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 29faf50d70bb4521c0c7912d0192e47e6614307814943c5259d0fead7ff358f5
                                                                • Instruction ID: 5e5224636d54f024fd63f309ffc809bb58d9736df3a284f1f4315f29edb86acb
                                                                • Opcode Fuzzy Hash: 29faf50d70bb4521c0c7912d0192e47e6614307814943c5259d0fead7ff358f5
                                                                • Instruction Fuzzy Hash: F321A171600205AFCF21EF6ADC4496B7FA9AF42368720453FF91597251EF38ED008799
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 0015C9A5
                                                                  • Part of subcall function 0015C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0015D6D0,?,00000000,-00000008), ref: 0015C902
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0015C9DD
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0015C9FD
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                 • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 158306478-0
                                                                • Opcode ID: 1efe61e1fbbedae1667bbe0bcceda6923943395b50af7852b365439595a01192
                                                                • Instruction ID: 61fb07344a6766c9f179a02fa4b707177df91b9cfc7cbaf258909519d9eb56a4
                                                                • Opcode Fuzzy Hash: 1efe61e1fbbedae1667bbe0bcceda6923943395b50af7852b365439595a01192
                                                                • Instruction Fuzzy Hash: 7A11E1E1905319FE6611ABB19C89CAF2D6CDEA47AB3500425FC21EA140FBA08D4982F1
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 004AB381
                                                                  • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3B9
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3D9
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 158306478-0
                                                                • Opcode ID: 1d91f606ac6a83883d4ef3ff80323bf4a1fd7361cb21549a9305e1241be95ec6
                                                                • Instruction ID: 352b9fd8ff6adfd48aa864b65f723ba5a946c2f7c3dd1541d1c3166fed4ac287
                                                                • Opcode Fuzzy Hash: 1d91f606ac6a83883d4ef3ff80323bf4a1fd7361cb21549a9305e1241be95ec6
                                                                • Instruction Fuzzy Hash: B21156B19015157E7A1167B65C8AD6F6A5CDE5A398B10403BF801D1203EB7D9D0245BA
                                                                APIs
                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00151E2D
                                                                • GetCurrentThreadId.KERNEL32 ref: 00151E3B
                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00151E54
                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00151E93
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                 • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                • String ID:
                                                                • API String ID: 2261580123-0
                                                                • Opcode ID: 0b15fa192cc870b26e2b6e4515164a11c1b2b8411ed7af192a24b85af959c03b
                                                                • Instruction ID: c7c620c443b262f92ee134b4b1a42cfbfac8b0889db92cfb77f46c901462de2c
                                                                • Opcode Fuzzy Hash: 0b15fa192cc870b26e2b6e4515164a11c1b2b8411ed7af192a24b85af959c03b
                                                                • Instruction Fuzzy Hash: 9D21C3B0D04209DFCB05EFA8C5827ADBBF1EF58301F01845DE869AB351D7349945CB51
                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(00000001,00000400,8762CD73,00000000,00000000,00000000,00000000,00000000,00000001,?,?,0044E5F3,?,?,00000000,00000000), ref: 004B844D
                                                                • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,8762CD73,00000001), ref: 004B8459
                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,8762CD73,00000000,00000000,00000000,00000000,00000000,?,?,0044E5F3,?,?,00000000,00000000,00000000), ref: 004B847F
                                                                • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,8762CD73,00000001), ref: 004B848B
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ByteCharErrorLastMultiWide
                                                                • String ID:
                                                                • API String ID: 203985260-0
                                                                • Opcode ID: b17853a5fac4461212df69502fdb333749a3d57a63655a8d7d2491092ae6608b
                                                                • Instruction ID: 6b90caf3a67b14ffb57c64759c70b961d31bb881305e702148557666a2de5e43
                                                                • Opcode Fuzzy Hash: b17853a5fac4461212df69502fdb333749a3d57a63655a8d7d2491092ae6608b
                                                                • Instruction Fuzzy Hash: FB01BF36601156BFCF224F95DC08E9F3F7AEBD9791F118029FA0556220DA31C922EBA5
                                                                APIs
                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000), ref: 0015FD17
                                                                • GetLastError.KERNEL32(?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000,?,?,?,0015D9E0,00000000), ref: 0015FD23
                                                                  • Part of subcall function 0015FD74: CloseHandle.KERNEL32(FFFFFFFE,0015FD33,?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000,?,?), ref: 0015FD84
                                                                • ___initconout.LIBCMT ref: 0015FD33
                                                                  • Part of subcall function 0015FD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0015FCF1,0015F48E,?,?,0015E09A,?,00000000,00000000,?), ref: 0015FD68
                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0015F4A1,00000000,00000001,00000000,?,?,0015E09A,?,00000000,00000000,?), ref: 0015FD48
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                • String ID:
                                                                • API String ID: 2744216297-0
                                                                • Opcode ID: 5567f1d2d1a8a3bc1b502ed934ac26cfb4ab25ef10b84a11c24360233e18c84b
                                                                • Instruction ID: c8c94e792dd0bf8339a0d14af09ad6adc9404ad4d47833385aa0d533ac4c98cf
                                                                • Opcode Fuzzy Hash: 5567f1d2d1a8a3bc1b502ed934ac26cfb4ab25ef10b84a11c24360233e18c84b
                                                                • Instruction Fuzzy Hash: 37F0C036540116FBCF221FD5DC0CA9A3F36FF093A2B444524FE199A530DBB288A5AB91
                                                                APIs
                                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000), ref: 004A95FC
                                                                • GetLastError.KERNEL32(?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000,?,0049BE42,?), ref: 004A9608
                                                                  • Part of subcall function 004A95CE: CloseHandle.KERNEL32(FFFFFFFE,004A9618,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000), ref: 004A95DE
                                                                • ___initconout.LIBCMT ref: 004A9618
                                                                  • Part of subcall function 004A9590: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004A95BF,004A6707,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A95A3
                                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A962D
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                • String ID:
                                                                • API String ID: 2744216297-0
                                                                • Opcode ID: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                                                • Instruction ID: 8abc0c58445a332f8c6052495b9482a66327941653e6e46fd38a52645a0d97bb
                                                                • Opcode Fuzzy Hash: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                                                • Instruction Fuzzy Hash: DCF01237441215BBCF521F91DC09ACE3F66EF19364F024426FA2C86120C6368D60DB94
                                                                APIs
                                                                • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00154F13
                                                                • GetCurrentThreadId.KERNEL32 ref: 00154F22
                                                                • GetCurrentProcessId.KERNEL32 ref: 00154F2B
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00154F38
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 7b954de386896378882926df1ed635ae4a85ae26c6936cf0850de0c5f5163c1b
                                                                • Instruction ID: 3f68e3fad3b23c1d2f4848b9fae4bb3875d810951dc8425136ebcd35a99a0fda
                                                                • Opcode Fuzzy Hash: 7b954de386896378882926df1ed635ae4a85ae26c6936cf0850de0c5f5163c1b
                                                                • Instruction Fuzzy Hash: 4DF06274D1020DEBCB00DBF4DA49A9EBBF4FF1C205B914A95E412E7510EB70AB889B51
                                                                APIs
                                                                • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00158AFE,?,?,00000000,00000000,00000000,?), ref: 00158C22
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: EncodePointer
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2118026453-2084237596
                                                                • Opcode ID: 1a0038502e43e8d1bc4986922101282cd4f66244e819d8280300a4aa5d8a5084
                                                                • Instruction ID: 6fe9471d616c4e11f3ecdf86c0b1150bcf293f23e1d70f62b4fc71075624e3e3
                                                                • Opcode Fuzzy Hash: 1a0038502e43e8d1bc4986922101282cd4f66244e819d8280300a4aa5d8a5084
                                                                • Instruction Fuzzy Hash: E6417671900209EFCF15DF98C881AEEBBB5BF18305F184159FD25BA291D735AA54CB60
                                                                APIs
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00453EF4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Concurrency::cancel_current_task
                                                                • String ID: `aC$p]C
                                                                • API String ID: 118556049-1363152631
                                                                • Opcode ID: 15b0531adf7878dcd052dc043384283fbe7e7e749bd6b518c848f3481f58b70e
                                                                • Instruction ID: 7ffd0bf130dfa3baccabcf7c02000b8885a72f27ff8372dee48aba471c76e642
                                                                • Opcode Fuzzy Hash: 15b0531adf7878dcd052dc043384283fbe7e7e749bd6b518c848f3481f58b70e
                                                                • Instruction Fuzzy Hash: 2B4114B1D002089BCB24DF58C841BAFBBF4EF45354F10426FEC2597382E7799A148B95
                                                                APIs
                                                                • EncodePointer.KERNEL32(00000000,?), ref: 004B0216
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: EncodePointer
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2118026453-2084237596
                                                                • Opcode ID: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                                                • Instruction ID: 70788f387beb527cb8114cdc5e5f216b8ccff70d73c61da87df7ae4bd57bd2ae
                                                                • Opcode Fuzzy Hash: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                                                • Instruction Fuzzy Hash: EE415871900209AFCF16CF98CD85AEEBBB5FF48305F18809AFA0567211D3399950DB68
                                                                APIs
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 001586E0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242784215.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                                                                • Associated: 00000003.00000002.2242762091.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242815596.0000000000162000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242836543.000000000016A000.00000008.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242864527.000000000016D000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2242886972.0000000000170000.00000008.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_150000_drop1.jbxd
                                                                Similarity
                                                                • API ID: ___except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3493665558-3733052814
                                                                • Opcode ID: 9e6b565f10564cbc0613981958a1e449d96bfa85ca6e174167199685a1563d02
                                                                • Instruction ID: f5d700c8c68a8129b56df9c1a780eb9cfd2526b1aee7ef211b0c1cf052c6799d
                                                                • Opcode Fuzzy Hash: 9e6b565f10564cbc0613981958a1e449d96bfa85ca6e174167199685a1563d02
                                                                • Instruction Fuzzy Hash: B131B036400219DBCF269F50CC449AA7BA6FF0C317B38455AFD646D221DB32CCA9DB91
                                                                APIs
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047DDD1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Ios_base_dtorstd::ios_base::_
                                                                • String ID: .G$0hC
                                                                • API String ID: 323602529-633007509
                                                                • Opcode ID: fa7f0577eed2ee249957cc315ff075d2cc7a9cf360a169e300ae923cf5853acc
                                                                • Instruction ID: def2e33cd38b5e824c816681f9ae39c6530dfa40910c99229239c839cc9e5e1b
                                                                • Opcode Fuzzy Hash: fa7f0577eed2ee249957cc315ff075d2cc7a9cf360a169e300ae923cf5853acc
                                                                • Instruction Fuzzy Hash: 9B21AE74940245DFD720CF1AC844B99FBF8FF05324F148A6EE85597391D775A904CB84
                                                                APIs
                                                                • ___std_exception_copy.LIBVCRUNTIME ref: 0044BEF3
                                                                • ___std_exception_copy.LIBVCRUNTIME ref: 0044BF26
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___std_exception_copy
                                                                • String ID: MC
                                                                • API String ID: 2659868963-1829682832
                                                                • Opcode ID: ab36d56284830d128f6cf4340ca16e134d89125db0bb4639ace7817866229729
                                                                • Instruction ID: 159077f32092c3bc03b4ae882dbf743a881f4ebbd8d79b989d6de070d85d5faa
                                                                • Opcode Fuzzy Hash: ab36d56284830d128f6cf4340ca16e134d89125db0bb4639ace7817866229729
                                                                • Instruction Fuzzy Hash: 4E112EB5900649EFCB11CF59C980B86FBE8FF19320F10C66BE815A7640E7B4A944CBA4
                                                                APIs
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0048285D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Ios_base_dtorstd::ios_base::_
                                                                • String ID: 0$0hC
                                                                • API String ID: 323602529-784950247
                                                                • Opcode ID: 622b40fb6d894d5aa1115991de8c2c5b589d84d9705eb3b065fc2cec7fc6fad0
                                                                • Instruction ID: dd26a1c23eadb7639fef0861fdc2b6c05f84c76fd28c7669f454e47aafc92c53
                                                                • Opcode Fuzzy Hash: 622b40fb6d894d5aa1115991de8c2c5b589d84d9705eb3b065fc2cec7fc6fad0
                                                                • Instruction Fuzzy Hash: FC21F074905298CFCB10CF98C6887DCBBF0AB09308F2480EAD949A7381D775AE58CF55
                                                                APIs
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047DA4F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Ios_base_dtorstd::ios_base::_
                                                                • String ID: .G$0hC
                                                                • API String ID: 323602529-633007509
                                                                • Opcode ID: d1051db2cb1cfc94d531bfa9645f70c65f72b0c573f779327227424f90c0fd69
                                                                • Instruction ID: 8e7f9f1aa37db0bf33048e17fc0a06a73726813013154025c8e8923a4ade326e
                                                                • Opcode Fuzzy Hash: d1051db2cb1cfc94d531bfa9645f70c65f72b0c573f779327227424f90c0fd69
                                                                • Instruction Fuzzy Hash: 121149B4940744CFDB21CF49C984A99BBF8FB09324F108A5EE89697391D775AA44CF80
                                                                APIs
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438A46
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438A5C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___std_exception_destroy
                                                                • String ID: MC
                                                                • API String ID: 4194217158-1829682832
                                                                • Opcode ID: 36b679e11db0edd653e0a2647b8e85e069932705a2a35767823b219f623ddd02
                                                                • Instruction ID: 2156576f1eef92af9ffbb3102a1cf8c86cd110feba5e05fe60ab6789c6c907d6
                                                                • Opcode Fuzzy Hash: 36b679e11db0edd653e0a2647b8e85e069932705a2a35767823b219f623ddd02
                                                                • Instruction Fuzzy Hash: 5A01B5B1C44318EBC710DF58DD01B8ABBE8EB1A714F10466FE811E3780E779A60487A5
                                                                APIs
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D06
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D1C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___std_exception_destroy
                                                                • String ID: MC
                                                                • API String ID: 4194217158-1829682832
                                                                • Opcode ID: d7eaf932c4118910232a5250f95a2e385d092f5df7cd9ec96b40b31c7f1f2a93
                                                                • Instruction ID: 34d925613d03c46ca24c24dcd021453886a1a957fa2bd66f6c30760aa6902abf
                                                                • Opcode Fuzzy Hash: d7eaf932c4118910232a5250f95a2e385d092f5df7cd9ec96b40b31c7f1f2a93
                                                                • Instruction Fuzzy Hash: 050192B1C443189BC711DF58DD05B89BBE8EB1A714F14466FE811A3780E7B9A60487A5
                                                                APIs
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438E16
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438E2C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2242983706.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_400000_drop1.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ___std_exception_destroy
                                                                • String ID: MC
                                                                • API String ID: 4194217158-1829682832
                                                                • Opcode ID: dd0c4f4c0c82000e457c7f44c182c4aade15206cd65931e5a6e762cfa9f818e5
                                                                • Instruction ID: 81858840e3503bfd15470ad0d796ddf3043ff6da9bec83e018f38d9446b02dde
                                                                • Opcode Fuzzy Hash: dd0c4f4c0c82000e457c7f44c182c4aade15206cd65931e5a6e762cfa9f818e5
                                                                • Instruction Fuzzy Hash: 4A01D2B1C442089FC710DF58DD01B8ABBE8EB1A714F10426FE811E3780E7B9A60487A5
                                                                APIs
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438AD6
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438AEC
                                                                Similarity
                                                                • API ID: ___std_exception_destroy
                                                                • String ID: MC
                                                                • API String ID: 4194217158-1829682832
                                                                APIs
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D96
                                                                • ___std_exception_destroy.LIBVCRUNTIME ref: 00438DAC
                                                                Similarity
                                                                • API ID: ___std_exception_destroy
                                                                • String ID: MC
                                                                • API String ID: 4194217158-1829682832
                                                                APIs
                                                                • RtlInitUnicodeString.NTDLL(?), ref: 0048A6D9
                                                                • RtlInitUnicodeString.NTDLL(?,00000000), ref: 0048A6E4
                                                                Similarity
                                                                • API ID: InitStringUnicode
                                                                • String ID: 0Qv
                                                                • API String ID: 4228678080-416853194
                                                                APIs
                                                                  • Part of subcall function 004805F0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,8762CD73,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480617
                                                                  • Part of subcall function 004805F0: GetLastError.KERNEL32(?,00000000,00000000,8762CD73,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480621
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00434B5D), ref: 004BA080
                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00434B5D), ref: 004BA08F
                                                                Strings
                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004BA08A
                                                                Similarity
                                                                • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                • API String ID: 3511171328-631824599